CVE-2026-40967: Spring AI has a VectorStore FilterExpression Converter injection

April 28, 2026 (updated May 6, 2026)

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query.

Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

References

github.com/advisories/GHSA-qc4j-qjqx-vr58
github.com/spring-projects/spring-ai
nvd.nist.gov/vuln/detail/CVE-2026-40967
spring.io/security/cve-2026-40967

Code Behaviors & Features

Detect and mitigate CVE-2026-40967 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →