Threat Advisory

Apache Spring AI Vector Store Injection Vulnerabilities

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Spring AI, affecting versions 1.0.0 through 1.0.x and 1.1.0 through 1.1.x. The vulnerabilities, tracked as CVE-2026-40967 and CVE-2026-40978, are input validation flaws that can lead to database query manipulation and data compromise. They underscore the importance of proper input validation when integrating AI applications with database-backed data stores. If left unaddressed, these vulnerabilities pose a significant risk: an attacker could gain unauthorized access to sensitive information, leading to data breaches and loss of customer trust.

  • CVE-2026-40967 (CVSS score 8.6) – Improper escaping of keys and values in FilterExpressionConverter implementations allows an attacker to inject content into filter expressions and alter the resulting queries. The flaw is reachable when an application passes crafted filter expressions directly to VectorStore implementations without validating them.
  • CVE-2026-40978 (CVSS score 8.8) – A SQL injection flaw in the CosmosDBVectorStore.doDelete() method allows an attacker to execute arbitrary SQL queries by supplying crafted document IDs. It is reachable in applications using CosmosDBVectorStore where user-supplied input reaches the document ID parameter without validation.
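As an added illustration (not code from this advisory or from the Spring AI project), the following hypothetical application-side guard validates the two untrusted inputs named above before they reach a VectorStore. It assumes the application uses UUID document IDs, a fixed set of filterable metadata keys, and the public VectorStore and FilterExpressionBuilder API; upgrading to the patched releases remains the actual fix, and this only adds validation in front of it.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

import org.springframework.ai.vectorstore.VectorStore;
import org.springframework.ai.vectorstore.filter.Filter;
import org.springframework.ai.vectorstore.filter.FilterExpressionBuilder;

/** Hypothetical wrapper that keeps request-controlled strings away from raw IDs and filter text. */
public final class GuardedVectorStore {

    // Assumption: this application's document IDs are UUIDs; anything else is rejected outright.
    private static final Pattern UUID_ID = Pattern.compile(
        "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$");

    // Assumption: only these metadata keys may be filtered on; callers never supply a key of their own.
    private static final Set<String> FILTERABLE_KEYS = Set.of("tenant_id", "category");

    // Conservative character set for filter values, as defense in depth in front of the converter's escaping.
    private static final Pattern SAFE_VALUE = Pattern.compile("^[A-Za-z0-9_-]{1,64}$");

    private final VectorStore vectorStore;

    public GuardedVectorStore(VectorStore vectorStore) {
        this.vectorStore = vectorStore;
    }

    /** Deletes by ID only after every ID has passed the allowlist check (the input path behind CVE-2026-40978). */
    public void deleteByIds(List<String> requestedIds) {
        for (String id : requestedIds) {
            if (id == null || !UUID_ID.matcher(id).matches()) {
                throw new IllegalArgumentException("rejected document id: " + id);
            }
        }
        vectorStore.delete(requestedIds);
    }

    /** Builds a filter from a validated (key, value) pair rather than a caller-supplied expression string (CVE-2026-40967). */
    public Filter.Expression filterFor(String key, String value) {
        if (!FILTERABLE_KEYS.contains(key)) {
            throw new IllegalArgumentException("rejected filter key: " + key);
        }
        if (value == null || !SAFE_VALUE.matcher(value).matches()) {
            throw new IllegalArgumentException("rejected filter value");
        }
        // The typed builder, not string concatenation, produces the expression handed to the store.
        return new FilterExpressionBuilder().eq(key, value).build();
    }
}
```

The returned Filter.Expression can be attached to a SearchRequest or passed to the store's filter-based delete, so no raw expression text written by a caller ever reaches the converter.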

Organizations using affected versions of Spring AI should be aware of the substantial risk these vulnerabilities pose. If exploited, they could lead to unauthorized access to sensitive data and data breaches, with severe consequences including reputational damage, loss of customer trust, and financial losses.

RECOMMENDATION:

  • We recommend updating Spring AI to version 1.0.6 (for the 1.0.x line) or 1.1.5 (for the 1.1.x line).

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/spring-ai-vector-store-injection-vulnerabilities-patch-guide/
