The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine.Referenceshttps://spring.io/security/cve-2026-22718
