CVE-2026-40967

CVE Database · CVE-2026-40967

CVE-2026-40967

· HIGHAnalyzed

CVSS v3.1

8.6

EPSS

0.39%

Published

Apr 28, 2026

Modified

Apr 29, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Weaknesses (CWE)

CWE-94

Affected Products (2)

vmware · spring_ai (up to 1.0.6)vulnerable

vmware · spring_ai (up to 1.1.5)vulnerable

References (1)

https://spring.io/security/cve-2026-40967

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs