HIGH🇵🇱 Wersja polska

CVE-2026-40967

CVSS 8.6v3.1pub. 2026-04-28upd. 2026-04-29

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
  • VMware Spring Ai

    APP
    Vmware
    1.0.0 – 1.0.6 (bez)1.1.0 – 1.1.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-22738CRITICAL9.8PL ✓ten sam produkt

SpEL injection w Spring AI SimpleVectorStore umożliwia RCE

CVE-2026-41713HIGH8.2ten sam produkt

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in...

CVE-2026-41712HIGH7.5ten sam produkt

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could ...

CVE-2026-41705HIGH8.6ten sam produkt

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via u...

CVE-2026-40978HIGH8.8ten sam produkt

SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL que...