CVE-2026-40967
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Summary
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query.
Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Spring | Spring AI | 1.0.0 < 1.0.6 | affected |
| Spring | Spring AI | 1.1.0 < 1.1.5 | affected |
Weaknesses
- CWE-94: CWE-94: Improper Control of Generation of Code
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.