Two significant vulnerabilities have been disclosed in Spring AI that could allow attackers to manipulate database queries and compromise sensitive information. These flaws, identified as CVE-2026-40967 and CVE-2026-40978, underscore the critical importance of input validation when bridging AI applications with backend data stores.
The first vulnerability, CVE-2026-40967, carries a CVSS score of 8.6. It centers on the FilterExpression Converter implementations within Spring AI. These converters are responsible for translating filter expression objects into the specific query languages used by various vector stores.
The core of the issue lies in improper escaping. In several implementations, keys and values within these expressions are not correctly sanitized. This oversight allows an attacker to inject malicious content into a filter expression, effectively altering the resulting query.
Applications are vulnerable only if they use VectorStore implementations and pass user-supplied input directly as a filterExpression.
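To make the defect class concrete, here is an added illustration (not Spring AI's own code, which is Java, and not the patched converter) of a minimal filter-expression converter written in Python. The `Compare`/`And` node types, the `convert_unsafe` and `convert_safe` functions and the target query syntax are all hypothetical stand-ins: `convert_unsafe` interpolates keys and string values verbatim, while `convert_safe` restricts keys to a plain-identifier pattern, restricts operators to a fixed set, and escapes string literals by doubling single quotes, so a value containing a quote stays inside its literal instead of rewriting the query.

```python
"""Illustrative filter-expression converter (not Spring AI code).

Shows why unescaped keys and values in a converter let caller-supplied
input change the structure of the generated query, and what a hardened
converter does differently.
"""
import re
from dataclasses import dataclass
from typing import Union

# Hypothetical filter-expression tree: either a comparison or an AND of two nodes.
@dataclass(frozen=True)
class Compare:
    key: str
    op: str
    value: Union[str, int, float, bool]

@dataclass(frozen=True)
class And:
    left: "Node"
    right: "Node"

Node = Union[Compare, And]

# Allowed operators, mapped to the (SQL-like) target syntax of the store.
OPS = {"==": "=", "!=": "<>", ">": ">", "<": "<", ">=": ">=", "<=": "<="}

# Keys must look like plain identifiers: no spaces, quotes or operators.
KEY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")


def convert_unsafe(node: Node) -> str:
    """Vulnerable pattern: key and value are pasted into the query as-is."""
    if isinstance(node, And):
        return f"({convert_unsafe(node.left)} AND {convert_unsafe(node.right)})"
    literal = f"'{node.value}'" if isinstance(node.value, str) else str(node.value)
    return f"metadata.{node.key} {OPS[node.op]} {literal}"


def escape_literal(value: Union[str, int, float, bool]) -> str:
    """Render a value as a single literal that cannot close its own quotes."""
    if isinstance(value, bool):          # bool before int: bool is an int subclass
        return "true" if value else "false"
    if isinstance(value, (int, float)):
        return repr(value)
    if isinstance(value, str):
        # SQL-standard escaping: a quote inside a string literal is doubled.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError(f"unsupported literal type: {type(value).__name__}")


def convert_safe(node: Node) -> str:
    """Hardened pattern: allowlisted keys and operators, escaped literals."""
    if isinstance(node, And):
        return f"({convert_safe(node.left)} AND {convert_safe(node.right)})"
    if not KEY_RE.fullmatch(node.key):
        raise ValueError(f"rejected filter key: {node.key!r}")
    if node.op not in OPS:
        raise ValueError(f"rejected operator: {node.op!r}")
    return f"metadata.{node.key} {OPS[node.op]} {escape_literal(node.value)}"


if __name__ == "__main__":
    # Constructed inputs: a legitimate value with an apostrophe, and a key
    # that smuggles an extra condition. Only the hardened converter copes.
    print(convert_unsafe(Compare("author", "==", "O'Brien")))
    print(convert_safe(Compare("author", "==", "O'Brien")))
    try:
        convert_safe(Compare("author OR 1=1", "==", "x"))
    except ValueError as exc:
        print("rejected:", exc)
```

Doubling single quotes is the SQL-standard rule for string literals; stores whose filter language uses backslash escaping or JSON need their own `escape_literal`, and where the store's client supports parameter binding that is preferable to any string escaping. The key allowlist matters as much as value escaping: the CVE description covers keys as well as values.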
The second vulnerability, CVE-2026-40978, is slightly more severe with a CVSS score of 8.8. This is a classic SQL injection flaw located specifically within the CosmosDBVectorStore.doDelete() method.
In this scenario, attackers can execute arbitrary SQL queries by providing crafted document IDs. Similar to the previous flaw, this vulnerability is conditional. It only affects applications that use the CosmosDBVectorStore and allow user-supplied input to reach the document ID parameter without proper validation.
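The same defect class, seen from the delete path: the added Python example below (not Spring AI's or Cosmos DB's code; `build_delete_unsafe`, `validate_ids`, `delete_safe` and the in-memory SQLite table are hypothetical stand-ins) contrasts a delete that concatenates document IDs into the query with one that validates each ID against an allowlist pattern and binds it as a parameter. SQLite is used only so the block runs offline and shows the effect on a constructed table of three documents.

```python
"""Illustrative document-ID validation for a delete path (not Spring AI code).

An in-memory SQLite table stands in for the vector store so the two
deletion styles can be run side by side.
"""
import re
import sqlite3
from typing import List

# Document IDs this hypothetical store issues: letters, digits, '-' and '_'.
ID_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")


def make_store() -> sqlite3.Connection:
    """Constructed sample store with three documents."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id TEXT PRIMARY KEY, content TEXT)")
    conn.executemany(
        "INSERT INTO documents VALUES (?, ?)",
        [("doc-1", "alpha"), ("doc-2", "beta"), ("doc-3", "gamma")],
    )
    conn.commit()
    return conn


def remaining_ids(conn: sqlite3.Connection) -> List[str]:
    return [row[0] for row in conn.execute("SELECT id FROM documents ORDER BY id")]


def build_delete_unsafe(ids: List[str]) -> str:
    """Vulnerable pattern: IDs are quoted by string formatting only."""
    quoted = ", ".join(f"'{doc_id}'" for doc_id in ids)
    return f"DELETE FROM documents WHERE id IN ({quoted})"


def run_unsafe_delete(conn: sqlite3.Connection, ids: List[str]) -> int:
    """Execute the concatenated query; returns the number of rows removed."""
    cur = conn.execute(build_delete_unsafe(ids))
    conn.commit()
    return cur.rowcount


def validate_ids(ids: List[str]) -> List[str]:
    """Reject anything that is not a well-formed document ID."""
    if not ids:
        raise ValueError("empty id list")
    bad = [i for i in ids if not isinstance(i, str) or not ID_RE.fullmatch(i)]
    if bad:
        raise ValueError(f"rejected document ids: {bad!r}")
    return list(ids)


def delete_safe(conn: sqlite3.Connection, ids: List[str]) -> int:
    """Hardened pattern: validated IDs, one bound parameter per ID."""
    ids = validate_ids(ids)
    placeholders = ", ".join("?" for _ in ids)
    cur = conn.execute(f"DELETE FROM documents WHERE id IN ({placeholders})", ids)
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    # Constructed "document ID" that closes the IN list and appends a
    # condition that is always true. The concatenating path honours it;
    # the validating path refuses it before any query is built.
    crafted = "doc-1') OR ('1'='1"
    print(build_delete_unsafe([crafted]))
    print("unsafe removed:", run_unsafe_delete(make_store(), [crafted]))
    store = make_store()
    try:
        delete_safe(store, [crafted])
    except ValueError as exc:
        print("safe path:", exc)
    print("safe removed:", delete_safe(store, ["doc-2"]), "remaining:", remaining_ids(store))
```

Parameter binding alone already prevents the ID from changing the query's structure; the allowlist check is the second layer, and it is what lets the application log and alert on malformed IDs rather than silently passing them on to the store.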
Both vulnerabilities affect a range of Spring AI releases. Organizations currently using the following versions are urged to take immediate action:
- Affected Versions: 1.0.0 through 1.0.x and 1.1.0 through 1.1.x.
To secure your environment, the primary mitigation strategy is a direct upgrade to the corresponding fixed versions.
| Affected Branch | Recommended Fix Version | Availability |
| --- | --- | --- |
| 1.0.x | 1.0.6 | OSS |
| 1.1.x | 1.1.5 | OSS |