CVE-2026-40967 PUBLISHED

Assigner: vmware
Reserved: 16.04.2026
Published: 28.04.2026
Updated: 28.04.2026

In Spring AI, the various FilterExpressionConverter implementations accept a filter expression object and translate it into the query language of a specific vector store. In several of these implementations, keys and values are not properly escaped, so an attacker-controlled key or value can alter the resulting query.

Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVSS Score: 8.6

Product Status

Vendor: Spring
Product: Spring AI
Versions (default: unaffected):
  • affected from 1.0.0 to 1.0.6 (excl.)
  • affected from 1.1.0 to 1.1.5 (excl.)

Problem Types

  • CWE-94: Improper Control of Generation of Code ('Code Injection')