CVE-2026-40967
CVE-2026-40967 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. In Spring AI, the various FilterExpressionConverter implementations accept a filter expression object and translate it into the query language of a specific vector store. In several of these converters, keys and values are not properly escaped, so an attacker who controls filter input can alter the generated query. Affected versions: Spring AI 1.0.0 - 1.0.5 (fixed in 1.0.6) and 1.1.0 - 1.1.4 (fixed in 1.1.5). EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
In Spring AI, the various FilterExpressionConverter implementations accept a filter expression object and translate it into the query language of a specific vector store. In several of these converters, keys and values are not properly escaped, which allows the generated query to be altered. Affected versions: Spring AI 1.0.0 - 1.0.5 (fixed in 1.0.6) and 1.1.0 - 1.1.4 (fixed in 1.1.5).
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L (network attack vector, low attack complexity, no privileges or user interaction required, scope unchanged; high confidentiality impact, low integrity and availability impact)
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| VMware | Spring AI | >= 1.0.0, < 1.0.6 |
| VMware | Spring AI | >= 1.1.0, < 1.1.5 |
References
- https://spring.io/security/cve-2026-40967 (Vendor Advisory)
Source: NVD / NIST
