Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreCVE-2026-40967: VectorStore FilterExpression Converter injection
Description
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query.
Only applications that use VectorStore implementations and pass user-supplied input as a filterExpression are affected.
Affected Spring Products and Versions
Spring AI:
- 1.0.0 - 1.0.x
- 1.1.0 - 1.1.x
Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
| Affected version(s) | Fix version | Availability |
|---|---|---|
| 1.0.x | 1.0.6 | OSS |
| 1.1.x | 1.1.5 | OSS |
No further mitigation steps are necessary.
Credit
The issue was reported responsibly by
- Quan Le of Unit 515 from OPSWAT @aleister1102
- Cantina's AppSec agent, Apex (https://www.cantina.security/)
- @Evil-Squirt1e
- Bofei Chen @qxyuan853
- Andrew Orr at Tenable
- @blindhacker99 - https://x.com/ph0smet
- ChenPeng [Ant Group]
- SharlongWen
- @wo1enca1ca1
- Meriem BELHORA @MeryBelh
- @rockmelodies
- Hyunwoo Kim (@V4bel)
- Yu Bao August829 - yubao@paypal.com - who works for paypal.com
References
Reporting a vulnerability
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy
Get support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all