← Voltar para CVEs
CVE-2026-40967
HIGH8.6
Descricao
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
Detalhes CVE
Pontuacao CVSS v3.18.6
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/28/2026
Ultima modificacao4/29/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
vmware:spring_ai
Fraquezas (CWE)
CWE-94
Referencias
https://spring.io/security/cve-2026-40967(security@vmware.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.