CVE-2026-40967
Improper Input Escaping in Spring AI FilterExpressionConverter Leads to Query Manipulation

Publication date: 2026-04-28

Last updated on: 2026-04-29

Assigner: VMware

Description
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate it into a specific vector store query language. In several cases, keys and values are not properly escaped, which makes it possible to alter the resulting query.

Affected versions: Spring AI 1.0.0 - 1.0.5 (fixed in 1.0.6) and 1.1.0 - 1.1.4 (fixed in 1.1.5).
Meta Information
Published: 2026-04-28
Last Modified: 2026-04-29
Generated: 2026-05-06
AI Q&A: 2026-04-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor: vmware, Product: spring_ai, Version / Range: From 1.0.0 (inc) to 1.0.6 (exc)
Vendor: vmware, Product: spring_ai, Version / Range: From 1.1.0 (inc) to 1.1.5 (exc)
CWE
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects applications using Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4 that utilize VectorStore implementations and pass user-supplied input as filterExpression parameters.

Detection involves identifying if your system is running an affected version of Spring AI and if it uses FilterExpressionConverter implementations with user-supplied filter expressions.

No specific detection commands or network signatures are provided in the available information.
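
The version check described above, as an added example that is not part of the original record or of Spring AI: it reads `mvn dependency:list` output and compares each Spring AI artifact against the ranges listed on this page. The sample dependency lines are constructed, and the function names and status labels are assumptions made for illustration.

```python
import re

# Affected ranges as listed on this page: (first affected, first fixed release).
AFFECTED = [((1, 0, 0), (1, 0, 6)), ((1, 1, 0), (1, 1, 5))]
GROUP = "org.springframework.ai"  # Spring AI's Maven groupId


def classify(version):
    """Return 'affected', 'review' or 'outside-listed-range' for a version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(.*)", version)
    if not m:
        return "review"  # unparseable version: needs a human look
    core = tuple(int(p) for p in m.group(1, 2, 3))
    for first, fixed in AFFECTED:
        if first <= core < fixed:
            # Qualified builds (-M6, -RC1, -SNAPSHOT) are not addressed by the
            # page's ranges, so they are flagged for review, not declared affected.
            return "review" if m.group(4) else "affected"
    return "outside-listed-range"


def scan(dependency_list_text):
    """Find Spring AI artifacts in `mvn dependency:list` output and classify each."""
    findings = []
    for line in dependency_list_text.splitlines():
        for token in line.split():
            parts = token.split(":")
            # group:artifact:type:version:scope, or with a classifier before version
            if parts[0] == GROUP and len(parts) in (5, 6):
                findings.append((parts[1], parts[-2], classify(parts[-2])))
    return findings


# Constructed sample output, not taken from a real project.
SAMPLE = """\
[INFO]    org.springframework.ai:spring-ai-pgvector-store:jar:1.0.3:compile
[INFO]    org.springframework.ai:spring-ai-model:jar:1.1.5:compile
[INFO]    org.springframework.ai:spring-ai-commons:jar:1.0.0-M6:compile
[INFO]    org.springframework.boot:spring-boot:jar:3.4.1:compile
"""

if __name__ == "__main__":
    for artifact, version, status in scan(SAMPLE):
        print(f"{artifact:28} {version:12} {status}")
```

An "affected" result only shows that a listed version is on the classpath; whether user-supplied input reaches a filterExpression parameter still has to be established by reviewing the application code.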


What immediate steps should I take to mitigate this vulnerability?

The primary and recommended mitigation step is to upgrade Spring AI to the fixed versions: 1.0.6 for the 1.0.x branch or 1.1.5 for the 1.1.x branch.

No additional mitigation steps are required beyond upgrading.


Can you explain this vulnerability to me?

CVE-2026-40967 is a high-severity vulnerability in Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4. It occurs in various FilterExpressionConverter implementations that translate filter expression objects into specific vector store query languages.

The problem is that in several cases, keys and values in these filter expressions are not properly escaped. This improper escaping allows attackers to manipulate or alter the resulting queries.

This vulnerability affects applications using VectorStore implementations that pass user-supplied input as filterExpression parameters.


How can this vulnerability impact me?

Because attackers can alter the queries by exploiting the improper escaping of keys and values, this can lead to unauthorized access or manipulation of data.

The CVSS score indicates a high confidentiality impact, meaning sensitive data could be exposed. There is also a low integrity and availability impact, suggesting some data manipulation or service disruption is possible but less severe.

The attack can be performed remotely over the network without any privileges or user interaction, making it easier for attackers to exploit.

