Description
SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs.

Affected versions:
Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
Published: 2026-04-28
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in the CosmosDBVectorStore component of Spring AI allows an attacker to inject arbitrary SQL statements by manipulating the document ID field. This flaw can be exploited to read, modify, or delete data stored in the underlying Cosmos DB, potentially exposing sensitive information or corrupting data. The weakness corresponds to CWE‑89, a classic SQL injection vulnerability that directly jeopardizes database confidentiality and integrity when accessed by an attacker.

Affected Systems

This issue affects Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4. Users running any of these releases should consider them vulnerable until they upgrade to version 1.0.6 or 1.1.5, where the flaw is fixed.

Risk and Exploitability

With a CVSS score of 8.8, the vulnerability is deemed high severity. No EPSS score is publicly available, and it is not listed in CISA KEV, indicating no confirmed public exploitation yet. Nevertheless, because the flaw is a remote SQL injection, an attacker can achieve arbitrary database code execution from a remote attacker without authentication, assuming the application accepts user‑provided document IDs. The high exploitability score reflects the potential for widespread impact if the application is exposed to untrusted input.

Generated by OpenCVE AI on April 28, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Spring AI to version 1.0.6 or later, or 1.1.5 or later, to apply the vendor‑provided fix.
  • If an immediate upgrade is not possible, disable or restrict any public‑facing APIs that pass user‑supplied document IDs to CosmosDBVectorStore until a patch can be applied.
  • Implement strict input validation on the document ID field, allowing only alphanumeric characters or a safe subset, and use parameterized queries to eliminate injection risk.

Generated by OpenCVE AI on April 28, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://spring.io/security/cve-2026-40978 cve-icon cve-icon
History

Tue, 28 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Title SQL Injection via CosmosDBVectorStore Document ID

Tue, 28 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Description SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-04-28T12:33:43.541Z

Reserved: 2026-04-16T02:19:04.616Z

Link: CVE-2026-40978

cve-icon Vulnrichment

Updated: 2026-04-28T12:33:38.211Z

cve-icon NVD

Status : Received

Published: 2026-04-28T09:16:16.583

Modified: 2026-04-28T09:16:16.583

Link: CVE-2026-40978

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T12:30:31Z

Weaknesses