Spring AI has a VectorStore FilterExpression Converter injection

GHSA-qc4j-qjqx-vr58 · CVE-2026-40967

Published Apr 28, 2026 · Modified May 6, 2026

Description

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query.

Affected versions:
Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-40967
PACKAGE https://github.com/spring-projects/spring-ai
WEB https://spring.io/security/cve-2026-40967

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes