PT-2026-39225 · VMware · Spring AI
Sharlongwen · Published 2026-05-08 · Updated 2026-05-12
CVE-2026-41705
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Spring AI versions 1.0.0 through 1.0.6
Spring AI versions 1.1.0 through 1.1.5
Description
The doDelete(List) function in the MilvusVectorStore implementation is susceptible to filter-expression injection. This occurs because document IDs are not properly sanitized, which could allow an attacker to destroy data.
Recommendations
Upgrade Spring AI versions 1.0.0 through 1.0.6 to 1.0.7 or greater.
Upgrade Spring AI versions 1.1.0 through 1.1.5 to 1.1.6 or greater.
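A caller-side check that complements the upgrade, as an added example that is not Spring AI's code or its fix: document IDs are validated against an allow-list before they reach any delete filter. The `field in ['a','b']` expression shape, the class and method names, the `doc_id` field and the ID pattern are assumptions made for illustration.

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class SafeDeleteFilter {

    // Assumption: IDs are UUIDs or short slugs. Tighten this to your own ID scheme.
    private static final Pattern SAFE_ID = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    // The pattern the description warns about: IDs concatenated into the
    // filter expression without any check (illustrative shape, not project code).
    static String unsafeFilter(String idField, List<String> ids) {
        return idField + " in [" + ids.stream()
                .map(id -> "'" + id + "'")
                .collect(Collectors.joining(",")) + "]";
    }

    // Hardened form: reject the whole batch if any ID falls outside the allow-list,
    // so no quote, bracket or operator character can reach the expression.
    static String safeFilter(String idField, List<String> ids) {
        if (ids == null || ids.isEmpty()) {
            throw new IllegalArgumentException("no document IDs supplied");
        }
        for (String id : ids) {
            if (id == null || !SAFE_ID.matcher(id).matches()) {
                throw new IllegalArgumentException("rejected document ID");
            }
        }
        return unsafeFilter(idField, ids); // every ID has passed the allow-list
    }

    public static void main(String[] args) {
        // Constructed sample input: well-formed IDs pass through unchanged.
        List<String> good = List.of("3f2b9c1e-7a4d-4e0b-9b1a-5d2c8e6f0a11", "doc_42");
        System.out.println(safeFilter("doc_id", good));

        // Constructed ID containing a quote, which would end the string literal early.
        List<String> bad = List.of("doc_42", "a'b");
        try {
            safeFilter("doc_id", bad);
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Rejecting the whole batch, rather than dropping the bad ID and continuing, keeps a partially tainted request from deleting anything and gives a clear event to log and alert on.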
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Spring AI