CVE-2026-40967 - High - CVE-2026-40967: VectorStore FilterExpression Converter injection
Spring
·
2026-04-27
·
via Spring Security Advisories
Description In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Only applications that use VectorStore implementations and pass user-supplied input as a filterExpression are affected. Affected Spring Products and Versions Spring AI: 1.0.0 - 1.0.x 1.1.0 - 1.1.x Mitigation Users of affected versions should upgrade to the corresponding fixed version. Affected version(s) Fix version Availability 1.0.x 1.0.6 OSS 1.1.x 1.1.5 OSS No further mitigation steps are necessary. Credit The issue was reported responsibly by Quan Le of Unit 515 from OPSWAT @aleister1102 Cantina's AppSec agent, Apex ( https://www.cantina.security/ ) @Evil-Squirt1e Bofei Chen @qxyuan853 Andrew Orr at Tenable @blindhacker99 - https://x.com/ph0smet ChenPeng [Ant Group] SharlongWen @wo1enca1ca1 Meriem BELHORA @MeryBelh @rockmelodies Hyunwoo Kim ( @V4bel ) Yu Bao August829 - yubao@paypal.com - who works for paypal.com References https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?version=3.1&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。