Description
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate it to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query.

Affected versions:
Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
Published: 2026-04-28
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Spring AI’s FilterExpressionConverter component processes filter expressions and converts them into query language syntax for vector stores. The implementations for several filters fail to escape keys and values properly. As a result, an attacker can inject arbitrary text into the generated query, allowing them to manipulate the query logic or execute unintended commands. This flaw is a code injection vulnerability that can compromise the integrity of the underlying query processing system and potentially enable attackers to gain unauthorized access to data or execute arbitrary code. The weakness is identified as CWE‑94: Improper Handling of Code in Code Generation.

Affected Systems

The affected products are Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4. These ranges were fixed starting with Spring AI 1.0.6 and 1.1.5, respectively. Users running any of the affected releases are at risk.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity vulnerability. No EPSS score is available, so the likelihood of exploitation cannot be quantified from the provided data, but the lack of a KEV designation suggests that it has not yet been widely exploited. The attack vector relies on providing a specially crafted filter expression that is processed by an application using the vulnerable Spring AI component. If the application exposes an interface for filter expressions, an attacker could supply malicious input to alter the query logic.

Generated by OpenCVE AI on April 28, 2026 at 19:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Spring AI 1.0.6 or later, or 1.1.5 or later, to apply the patch that properly escapes keys and values.
  • If upgrading is not immediately possible, restrict user‑supplied filter expressions to a safe, whitelisted set of allowed tokens or validate the syntax to prevent unescaped input.
  • If the vulnerable feature is not needed, disable or remove the filter expression conversion functionality to eliminate the risk.
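
The escaping gap and the allow-list mitigation described above, shown as an added example (not Spring AI's code and not part of the original advisory). The class, the method names, the allowed key set and the toy `key == 'value'` query syntax with backslash escaping are all assumptions made for illustration.

```java
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical stand-in for a filter-to-query converter; not Spring AI's API.
public class FilterEscapingDemo {

    // Assumption: keys in the target query language are plain identifiers.
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,63}");
    // Assumption: the application knows which metadata keys callers may filter on.
    private static final Set<String> ALLOWED_KEYS = Set.of("tenant", "doc_type", "year");

    // Weak form: key and value are concatenated as-is, so a quote in the
    // value ends the string literal and the rest is parsed as query syntax.
    static String convertUnescaped(String key, String value) {
        return key + " == '" + value + "'";
    }

    // Hardened form: the key must be an allow-listed identifier, and the
    // value is escaped so it always stays inside a single string literal.
    static String convertEscaped(String key, String value) {
        if (!IDENTIFIER.matcher(key).matches() || !ALLOWED_KEYS.contains(key)) {
            throw new IllegalArgumentException("filter key not allowed: " + key);
        }
        StringBuilder out = new StringBuilder(key).append(" == '");
        for (char c : value.toCharArray()) {
            if (Character.isISOControl(c)) {
                throw new IllegalArgumentException("control character in filter value");
            }
            if (c == '\\' || c == '\'') {
                out.append('\\'); // escape the escape character and the quote
            }
            out.append(c);
        }
        return out.append('\'').toString();
    }

    public static void main(String[] args) {
        // Constructed input: a value carrying a quote and an extra clause.
        String value = "report' || tenant == 'other";
        System.out.println(convertUnescaped("doc_type", value));
        System.out.println(convertEscaped("doc_type", value));
        try {
            convertEscaped("doc_type' || '1' == '1", "x");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same two checks apply per converter: each vector store's query language has its own quoting rules, so the escaping routine has to match the target syntax rather than being shared blindly.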

Advisories
Source: Github GHSA
ID: GHSA-qc4j-qjqx-vr58
Title: Spring AI has a VectorStore FilterExpression Converter injection

History

Wed, 29 Apr 2026 19:15:00 +0000

Type: First Time appeared
Values Added: Vmware; Vmware spring Ai

Type: CPEs
Values Added: cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Vmware; Vmware spring Ai

Wed, 29 Apr 2026 14:15:00 +0000

Type: Metrics
Values Removed: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 19:45:00 +0000

Type: Title
Values Added: Unescaped Filter Expressions Enable Query Injection in Spring AI

Tue, 28 Apr 2026 13:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 08:30:00 +0000

Type: First Time appeared
Values Added: Spring; Spring spring

Type: Vendors & Products
Values Added: Spring; Spring spring

Tue, 28 Apr 2026 07:30:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}
Values Added: cvssV3_1 {'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}


Tue, 28 Apr 2026 06:30:00 +0000

Type: Description
Values Added: In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

Type: Weaknesses
Values Added: CWE-94

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-04-29T13:29:47.165Z

Reserved: 2026-04-16T02:18:56.133Z

Link: CVE-2026-40967

Vulnrichment

Updated: 2026-04-28T12:31:49.476Z

NVD

Status: Analyzed

Published: 2026-04-28T07:16:03.360

Modified: 2026-04-29T19:04:59.077

Link: CVE-2026-40967

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:30:27Z
