Filter-Expression Injection in Spring AI MilvusVectorStore#doDelete v1.01.1
CVE-2026-41705 Published on May 9, 2026
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 or greater.
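The weakness class described above, shown as an added example that is not Spring AI's code: a delete filter built by quoting and joining document IDs, next to a caller-side allowlist check that rejects any ID able to alter the expression. The field name `doc_id`, the class and method names, and the allowlist pattern are assumptions; upgrading to the fixed versions remains the remedy the advisory gives.

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Illustration only: not Spring AI's code. Field name, class and method
// names, and the ID allowlist are assumptions made for this example.
public class DeleteFilterCheck {

    // Assumed ID policy: UUIDs or short slugs, nothing else.
    private static final Pattern SAFE_ID = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    // Weak form: each ID is wrapped in quotes and concatenated as-is, so an
    // ID that contains a quote ends its string literal early.
    static String naiveInExpression(String field, List<String> ids) {
        return field + " in [" + ids.stream()
                .map(id -> "\"" + id + "\"")
                .collect(Collectors.joining(",")) + "]";
    }

    // Checked form: reject the whole batch if any ID falls outside the
    // allowlist, then build the expression from values known to be inert.
    static String checkedInExpression(String field, List<String> ids) {
        for (String id : ids) {
            if (id == null || !SAFE_ID.matcher(id).matches()) {
                throw new IllegalArgumentException("document id rejected by allowlist");
            }
        }
        return naiveInExpression(field, ids);
    }

    public static void main(String[] args) {
        // Constructed sample input.
        List<String> wellFormed = List.of("3f2a9c1e-7b44-4c0e-9d2a-5e1f0a6b8c77", "invoice_0042");
        List<String> withQuote = List.of("invoice_0042", "x\"y");

        System.out.println("checked:  " + checkedInExpression("doc_id", wellFormed));
        // The second literal now holds an odd number of quotes.
        System.out.println("naive:    " + naiveInExpression("doc_id", withQuote));
        try {
            checkedInExpression("doc_id", withQuote);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting the whole batch, rather than dropping the offending ID, keeps a malformed request from turning into a partial delete.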
Vulnerability Analysis
CVE-2026-41705 can be exploited over the network and requires neither privileges nor user interaction. Attack complexity is considered low. A successful exploit is considered to have a high impact on confidentiality and no impact on integrity or availability.
Weakness Type
What is an EL Injection Vulnerability?
The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.
CVE-2026-41705 has been classified as an EL Injection vulnerability or weakness.
Affected Versions
Spring AI:
- Versions from 1.0.0 up to, but not including, 1.0.7 are affected.
- Versions from 1.1.0 up to, but not including, 1.1.6 are affected.