CVE-2026-40967

HIGH CVSS 8.6

Description

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate it into a specific vector store query language. In several cases, keys and values are not properly escaped, which makes it possible to alter the query.

Affected versions: Spring AI 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Published: Apr 28, 2026 07:16 UTC
Modified: Apr 28, 2026 20:11 UTC