HIGH🇬🇧 English

CVE-2026-40967

CVSS 8.6v3.1pub. 2026-04-28upd. 2026-04-29

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
  • VMware Spring Ai

    APP
    Vmware
    1.0.0 – 1.0.6 (bez)1.1.0 – 1.1.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-22738CRITICAL9.8PL ✓ten sam produkt

SpEL injection w Spring AI SimpleVectorStore umożliwia RCE

CVE-2026-41713HIGH8.2ten sam produkt

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in...

CVE-2026-41712HIGH7.5ten sam produkt

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could ...

CVE-2026-41705HIGH8.6ten sam produkt

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via u...

CVE-2026-40978HIGH8.8ten sam produkt

SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL que...