cbcvebase.
CVE-2026-40967
published 2026-04-28


Priority: P3 (49)
Severity: high
CVSS 3.1: 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
EPSS: 0.39% (31.2th percentile)
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate it into the query language of a specific vector store. In several of these converters, keys and values are not properly escaped, so a filter expression can alter the generated query. Affected versions: Spring AI 1.0.0 - 1.0.5 (fixed in 1.0.6) and 1.1.0 - 1.1.4 (fixed in 1.1.5).
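The following Java program is an added illustration of the bug class described above; it is not Spring AI code and does not reproduce the project's converters or its fix. It uses a hypothetical two-field filter model (`Comparison` records joined with AND) and a hypothetical SQL-like target dialect in which string literals are single-quoted and an embedded quote is escaped by doubling it. The naive converter concatenates keys and values straight into the query text, so a value containing a quote character closes the literal early and the rest of the value becomes part of the query; the hardened converter validates keys against an identifier allowlist and escapes string values, so the value always stays inside its literal.

```java
import java.util.List;
import java.util.regex.Pattern;

// Hypothetical, simplified filter model; not Spring AI's FilterExpression classes.
public final class FilterEscapingDemo {

    /** One equality comparison in a filter: key = value. */
    record Comparison(String key, Object value) {}

    /** Naive converter: key and value are concatenated without any escaping. */
    static String naiveConvert(List<Comparison> filter) {
        StringBuilder sb = new StringBuilder();
        for (Comparison c : filter) {
            if (sb.length() > 0) sb.append(" AND ");
            sb.append(c.key()).append(" = ");
            if (c.value() instanceof Number) {
                sb.append(c.value());
            } else {
                // A quote inside the value terminates the literal here.
                sb.append('\'').append(c.value()).append('\'');
            }
        }
        return sb.toString();
    }

    /** Keys must look like identifiers; anything else is rejected rather than emitted. */
    private static final Pattern SAFE_KEY = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,63}");

    /** Hardened converter: allowlisted keys, escaped string literals. */
    static String safeConvert(List<Comparison> filter) {
        StringBuilder sb = new StringBuilder();
        for (Comparison c : filter) {
            if (!SAFE_KEY.matcher(c.key()).matches()) {
                throw new IllegalArgumentException("invalid filter key: " + c.key());
            }
            if (sb.length() > 0) sb.append(" AND ");
            sb.append(c.key()).append(" = ").append(literal(c.value()));
        }
        return sb.toString();
    }

    /** Renders a value as a literal of the assumed dialect: numbers bare, strings quoted. */
    static String literal(Object v) {
        if (v instanceof Number || v instanceof Boolean) {
            return String.valueOf(v);
        }
        // Doubling the quote is the assumed dialect's escape; the value can no longer
        // close the literal, whatever characters it contains.
        String escaped = String.valueOf(v).replace("'", "''");
        return "'" + escaped + "'";
    }

    public static void main(String[] args) {
        // Constructed sample filter: a benign value that happens to contain a quote.
        List<Comparison> filter = List.of(
                new Comparison("author", "O'Brien"),
                new Comparison("year", 2024));

        System.out.println("naive: " + naiveConvert(filter));
        // naive: author = 'O'Brien' AND year = 2024   <- literal ends after the O
        System.out.println("safe:  " + safeConvert(filter));
        // safe:  author = 'O''Brien' AND year = 2024  <- value stays inside the literal

        // A key that is not an identifier is refused instead of being written out.
        try {
            safeConvert(List.of(new Comparison("author name", "x")));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The two controls shown are the ones to look for when reviewing any converter that turns a structured filter into query text: identifiers are validated against an allowlist (they generally cannot be escaped), and values are rendered through a single literal-encoding function for the target dialect rather than concatenated. When upgrading is not immediately possible, the same checks can be applied to filter input before it reaches the vector store.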

Affected (4 ranges)

Vendor   Product    Version range        Fixed in
spring   spring_ai  >= 1.0.0, < 1.0.6    1.0.6
spring   spring_ai  >= 1.1.0, < 1.1.5    1.1.5
vmware   spring_ai  >= 1.0.0, < 1.0.6    1.0.6
vmware   spring_ai  >= 1.1.0, < 1.1.5    1.1.5