HarborGuard / CVE
Back to search
HIGHCVE-2026-40967Published Modified CNA vmware

CVE-2026-40967: In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

Metrics

CVSS v3.1
8.6
Severity
HIGH
Fixed in
1.0.6
Affected Products
1

Fix available

1.0.61.1.5
Affected packages
  • Spring / Spring AI
    < 1.0.6 (from 1.0.0) · < 1.1.5 (from 1.1.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
References