Spring CLI Vulnerability Allows Attackers to Execute Commands on User Systems 

A command-injection vulnerability in the Spring CLI VSCode extension allows attackers to execute arbitrary commands on affected user machines.  

The vulnerability, tracked as CVE-2026-22718, affects all versions of the extension through…