CVE-2026-40967
Improper Input Escaping in Spring AI FilterExpressionConverter Leads to Query Manipulation

Publication date: 2026-04-28

Last updated on: 2026-04-29

Assigner: VMware

Description
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate it to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
Meta Information
Published: 2026-04-28
Last Modified: 2026-04-29
Generated: 2026-06-16
AI Q&A: 2026-04-28
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vmware spring_ai From 1.0.0 (inc) to 1.0.6 (exc)
vmware spring_ai From 1.1.0 (inc) to 1.1.5 (exc)
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Detection Guidance

This vulnerability affects applications using Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4 that utilize VectorStore implementations and pass user-supplied input as filterExpression parameters.

Detection involves identifying whether your system is running an affected version of Spring AI and whether it uses FilterExpressionConverter implementations with user-supplied filter expressions.

No specific detection commands or network signatures are provided in the available information.
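
The version half of that check, as an added example (not part of the advisory or the Spring AI project): a Python script that reads `mvn dependency:list` or `gradle dependencies` output and classifies each `org.springframework.ai` artifact against the affected ranges. The sample report, the function names and the `review` status for pre-release builds are assumptions of this example.

```python
import re

# Affected release ranges from the advisory: [1.0.0, 1.0.6) and [1.1.0, 1.1.5).
AFFECTED = [((1, 0, 0), (1, 0, 6)), ((1, 1, 0), (1, 1, 5))]
# Maven prints group:artifact:type[:classifier]:version:scope, Gradle group:artifact[:version].
COORD = re.compile(r"org\.springframework\.ai:([\w.-]+)((?::[\w.+-]+)*)")
ARROW = re.compile(r"->\s*([\w.+-]+)")  # Gradle "requested -> resolved"
VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-](.+))?$")

def classify(version):
    """Return 'affected', 'not-listed' or 'review' for one version string."""
    m = VERSION.match(version or "")
    if not m:
        return "review"  # unparseable or missing version
    core = tuple(int(p) for p in m.group(1, 2, 3))
    # The advisory lists release versions only, so milestone, RC and snapshot
    # builds on the 1.0.x / 1.1.x lines are left for manual review (assumption).
    if m.group(4) and core[:2] in {(1, 0), (1, 1)}:
        return "review"
    return "affected" if any(lo <= core < hi for lo, hi in AFFECTED) else "not-listed"

def scan(dependency_report):
    """Map each Spring AI artifact in the report to (resolved version, status)."""
    found = {}
    for line in dependency_report.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        arrow = ARROW.search(line)
        fields = m.group(2).split(":")[1:]
        # Prefer Gradle's resolved version; otherwise take the first numeric field.
        version = arrow.group(1) if arrow else next(
            (f for f in fields if f[0].isdigit()), None)
        found[m.group(1)] = (version, classify(version))
    return found

# Constructed sample: two Maven lines, two Gradle lines, one unrelated dependency.
SAMPLE = """\
[INFO]    org.springframework.ai:spring-ai-pgvector-store:jar:1.0.3:compile
[INFO]    org.springframework.ai:spring-ai-model:jar:1.1.5:compile
+--- org.springframework.ai:spring-ai-vector-store:1.1.2 -> 1.1.5
+--- org.springframework.ai:spring-ai-commons:1.0.0-M6
[INFO]    org.springframework.boot:spring-boot:jar:3.4.0:compile
"""

if __name__ == "__main__":
    for artifact, (version, status) in sorted(scan(SAMPLE).items()):
        print(f"{status:10} {artifact} {version}")
```

An `affected` result establishes only the version condition; exposure also requires that user-supplied input reaches a filterExpression parameter.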

Mitigation Strategies

The primary and recommended mitigation step is to upgrade Spring AI to the fixed versions: 1.0.6 for the 1.0.x branch or 1.1.5 for the 1.1.x branch.

No additional mitigation steps are required beyond upgrading.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-40967 is a high-severity vulnerability in Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4. It occurs in various FilterExpressionConverter implementations that translate filter expression objects into specific vector store query languages.

The problem is that in several cases, keys and values in these filter expressions are not properly escaped. This improper escaping allows attackers to manipulate or alter the resulting queries.

This vulnerability affects applications using VectorStore implementations that pass user-supplied input as filterExpression parameters.

Impact Analysis

Because improper escaping of keys and values lets attackers alter the queries, exploitation can lead to unauthorized access to or manipulation of data.

The CVSS score indicates a high confidentiality impact, meaning sensitive data could be exposed. There is also a low integrity and availability impact, suggesting some data manipulation or service disruption is possible but less severe.

The attack can be performed remotely over the network without any privileges or user interaction, making it easier for attackers to exploit.
