Spring AI 1.0-1.0.5 Query-Language Injection via Unescaped Filters
CVE-2026-40967 Published on April 28, 2026
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
Vulnerability Analysis
CVE-2026-40967 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2026-40967 has been classified to as a Code Injection vulnerability or weakness.
Products Associated with CVE-2026-40967
Want to know whenever a new CVE is published for VMware Spring Framework? stack.watch will email you.
Affected Versions
Spring AI:- Version 1.0.0 and below 1.0.6 is affected.
- Version 1.1.0 and below 1.1.5 is affected.