Security Advisory

CVE-2026-40967

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-28 06:03:51

Last updated 2026-04-29 13:29:47

Assigner vmware

State PUBLISHED

Description

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

← Browse all CVEs View on cve.org ↗