CVE-2026-40978
Published 2026-04-28
Priority: P3 (54) | Severity: high | CVSS 3.1: 8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.34% (25.6th percentile)
SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs.
Affected versions:
Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
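The advisory names crafted document IDs reaching `CosmosDBVectorStore.doDelete()` as the injection point but shows no code. The block below is an added illustration of that bug class, not Spring AI's code and not the actual fix: a hypothetical delete-by-ID filter that splices IDs into Cosmos DB SQL text, beside the parameterized form (Cosmos DB SQL supports `@`-prefixed named parameters and `ARRAY_CONTAINS`; in the Azure Cosmos Java SDK the same idea is `SqlQuerySpec` with `SqlParameter`). The function names and the sample IDs are constructed for the example. It also shows why validating IDs against Cosmos DB's own character rules is not a substitute for parameterization: a quote is a legal character in an `id`.

```python
import re

# Constructed sample IDs (not taken from the advisory): two benign IDs and one
# crafted to close the string literal and append its own predicate.
BENIGN_IDS = ["doc-1", "doc-2"]
CRAFTED_IDS = ["doc-1') OR 1=1 --"]


def build_delete_filter_vulnerable(ids):
    """Hypothetical vulnerable pattern: document IDs spliced into the SQL text.

    Whatever the caller passes becomes part of the query structure, so an ID
    containing a quote can turn delete-these-IDs into delete-everything.
    """
    quoted = ", ".join(f"'{doc_id}'" for doc_id in ids)
    return f"SELECT c.id FROM c WHERE c.id IN ({quoted})"


def build_delete_filter_safe(ids):
    """Parameterized form: the query text is a constant; IDs travel as data.

    Returns (query_text, parameters). Cosmos DB SQL accepts @-prefixed
    parameters and ARRAY_CONTAINS(array, value), so a whole list of IDs can be
    bound to a single parameter without touching the query text.
    """
    return "SELECT c.id FROM c WHERE ARRAY_CONTAINS(@ids, c.id)", {"@ids": list(ids)}


# The only shape an honest IN-list query built by the vulnerable helper can
# have. Cosmos DB SQL string literals use backslash escapes, so a literal is
# '...' with \' allowed inside. Any token outside the literals (for example
# the "OR 1=1" smuggled in by a crafted ID) breaks the match.
_IN_LIST_SHAPE = re.compile(
    r"^SELECT c\.id FROM c WHERE c\.id IN \("
    r"'(?:[^'\\]|\\.)*'(?:, '(?:[^'\\]|\\.)*')*\)$"
)


def query_keeps_in_list_shape(query_text):
    """True if the query is still a plain IN (...) list of string literals."""
    return _IN_LIST_SHAPE.fullmatch(query_text) is not None


def is_valid_cosmos_id(doc_id):
    """Defense in depth only: Cosmos DB rejects '/', '\\', '?' and '#' in the
    id property and caps it at 255 characters. Quotes are permitted, which is
    exactly why this check cannot stop the injection on its own."""
    return 0 < len(doc_id) <= 255 and not any(ch in doc_id for ch in "/\\?#")


if __name__ == "__main__":
    for ids in (BENIGN_IDS, CRAFTED_IDS):
        vulnerable = build_delete_filter_vulnerable(ids)
        safe_text, safe_params = build_delete_filter_safe(ids)
        print("ids:        ", ids)
        print("vulnerable: ", vulnerable)
        print("  shape ok: ", query_keeps_in_list_shape(vulnerable))
        print("safe:       ", safe_text, safe_params)
        print("ids pass Cosmos id rules:", all(is_valid_cosmos_id(i) for i in ids))
        print()
```

Running the block prints the crafted ID's effect on the concatenated query (`... WHERE c.id IN ('doc-1') OR 1=1 --')`, which matches every document) next to the parameterized query, whose text is identical for both inputs. The shape check is the kind of assertion a unit test for a vector store's delete path can run: if it ever fails for a builder that is supposed to emit an IN list, untrusted input has reached the query text.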
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spring | spring_ai | >= 1.0.0 < 1.0.6 | 1.0.6 |
| spring | spring_ai | >= 1.1.0 < 1.1.5 | 1.1.5 |
| vmware | spring_ai | >= 1.0.0 < 1.0.6 | 1.0.6 |
| vmware | spring_ai | >= 1.1.0 < 1.1.5 | 1.1.5 |
VulDB
Vmware Spring AI up to 1.0.5/1.1.4 Document ID CosmosDBVectorStore sql injection
vuldb · 2026-04-28 · CVSS 8.8 · HIGH
A vulnerability, which was classified as critical, has been found in Vmware Spring AI up to 1.0.5/1.1.4. Affected is the function CosmosDBVectorStore of the component Document ID Handler. This manipulation causes SQL injection.
This vulnerability is handled as CVE-2026-40978. The attack can be initiated remotely. There is no exploit available.
It is advisable to upgrade the affected component.
GHSA
Spring AI has SQL Injection in CosmosDBVectorStore.doDelete()
ghsa · 2026-04-28 · HIGH · CWE-89
SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs.
Affected versions:
Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.