Vulnerabilities

Report: CVE-2026-40967 - Spring AI Unvalidated Filter Expression Converter Vulnerability (Code Injection)

2026-04-28 0 views admin

CVE ID :CVE-2026-40967 Published : April 28, 2026, 6:03 a.m. | 1 hour, 8 minutes ago Description :In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5) Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-40967

Severity

HIGH

Published

April 28, 2026

🏷️ Tags

report40967springunvalidatedfilterexpressionconvertervulnerabilityinjectioncve

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-40967 - Spring AI Unvalidated Filter Expression Converter Vulnerability (Code Injection)

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-7235 - ErlichLiu claude-agent-sdk-master route.ts path traversal - 2025 Update

Report: CVE-2026-40966 - VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memor

Report: CVE-2026-7237 - AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal

Report: Latest: CVE-2026-4805 - Woostify <= 2.5.0 - authenticated (contributor+) stored cross-site scripting via ...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting