PT-2026-35667 · Vmware · Spring Ai

Andrew Orr

Published 2026-04-28 · Updated 2026-05-04

CVE-2026-40967

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Spring AI versions 1.0.0 through 1.0.5
Spring AI versions 1.1.0 through 1.1.4

Description
Various FilterExpressionConverter implementations do not properly escape keys and values when translating filter expression objects into the query languages of specific vector stores. This improper escaping allows query injection: an attacker who controls filter keys or values can alter the vector store query, potentially leading to data exposure and tampering.

Recommendations
Update versions 1.0.0 through 1.0.5 to 1.0.6.
Update versions 1.1.0 through 1.1.4 to 1.1.5.
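The defect class described above, as an added example that is not Spring AI's code: a toy converter turns a metadata equality filter into a query string for a hypothetical vector-store filter language (single-quoted string literals, backslash escapes). The class, record and method names are constructed for illustration; the naive variant concatenates key and value straight into the query text, the hardened variant validates the key against an identifier pattern and escapes the value, and a small delimiter count shows why the naive output is no longer one literal.

```java
import java.util.regex.Pattern;

// Added example, not Spring AI's FilterExpressionConverter. The target filter
// language is hypothetical: string literals are single-quoted and escaped with '\'.
public final class FilterConverterExample {

    /** One equality filter, key == value (constructed model, not the Spring AI Filter API). */
    public record EqFilter(String key, String value) {}

    /** Naive converter: concatenates key and value straight into the query text. */
    public static String convertUnsafe(EqFilter f) {
        return "metadata." + f.key() + " == '" + f.value() + "'";
    }

    /** Metadata keys are restricted to plain identifiers; anything else is rejected. */
    private static final Pattern KEY = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    /** Hardened converter: validates the key and escapes the value for the target language. */
    public static String convertSafe(EqFilter f) {
        if (!KEY.matcher(f.key()).matches()) {
            throw new IllegalArgumentException("invalid filter key: " + f.key());
        }
        // Escape backslashes first, then quotes, so every character of the value
        // stays inside the literal instead of terminating it.
        String escaped = f.value().replace("\\", "\\\\").replace("'", "\\'");
        return "metadata." + f.key() + " == '" + escaped + "'";
    }

    /** Counts unescaped quote characters, i.e. the literal delimiters the parser would see. */
    public static int literalDelimiters(String query) {
        int count = 0;
        for (int i = 0; i < query.length(); i++) {
            char c = query.charAt(i);
            if (c == '\\') {
                i++;            // skip the escaped character
                continue;
            }
            if (c == '\'') {
                count++;
            }
        }
        return count;
    }

    public static void main(String[] args) {
        // Constructed input: a legitimate value that happens to contain an apostrophe.
        EqFilter f = new EqFilter("author", "O'Reilly");

        String unsafe = convertUnsafe(f);
        String safe = convertSafe(f);
        // The naive output has 3 delimiters: the literal ends at the apostrophe and the
        // remainder of the value is parsed as query syntax. The hardened output has 2.
        System.out.println("unsafe: " + unsafe + "  delimiters=" + literalDelimiters(unsafe));
        System.out.println("safe:   " + safe + "  delimiters=" + literalDelimiters(safe));

        // A key that is not a plain identifier never reaches the query text.
        try {
            convertSafe(new EqFilter("not a-valid.key", "y"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The escaping rules in the hardened variant are specific to this toy language; a real converter has to apply the escaping rules of the particular vector store's query language (or, where the store supports it, pass values as bound parameters), and should treat keys as identifiers to validate rather than as text to escape.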

Weakness Enumeration

Code Injection

Related Identifiers

CVE-2026-40967
GHSA-QC4J-QJQX-VR58

Affected Products

Spring Ai