{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/spring-ai-1.0.x--1.0.6/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.6,"id":"CVE-2026-40967"},{"cvss":8.8,"id":"CVE-2026-40978"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Spring AI (1.0.x \u003c 1.0.6)","Spring AI (1.1.x \u003c 1.1.5)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","sql-injection","code-injection","spring-ai"],"_cs_type":"advisory","_cs_vendors":["Spring"],"content_html":"\u003cp\u003eOn April 27, 2026, Spring published security advisories addressing critical vulnerabilities within the Spring AI framework. Specifically, CVE-2026-40967 details a VectorStore FilterExpression Converter injection vulnerability, while CVE-2026-40978 outlines a SQL Injection flaw within the CosmosDBVectorStore.doDelete() function. These vulnerabilities affect Spring AI versions 1.0.x prior to 1.0.6 and 1.1.x prior to 1.1.5. Exploitation of these vulnerabilities could allow unauthorized data access or modification, potentially leading to significant data breaches and system compromise. It is crucial for organizations using Spring AI to apply the necessary updates promptly to mitigate these risks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Spring AI instance running a version prior to 1.0.6 or 1.1.5.\u003c/li\u003e\n\u003cli\u003eFor CVE-2026-40967 (VectorStore FilterExpression Converter injection): the attacker crafts a malicious FilterExpression designed to inject arbitrary code during the conversion process.\u003c/li\u003e\n\u003cli\u003eThe malicious FilterExpression is submitted to the vulnerable VectorStore component via a user-controlled input or API endpoint.\u003c/li\u003e\n\u003cli\u003eThe VectorStore attempts to convert the FilterExpression, triggering the injection vulnerability.\u003c/li\u003e\n\u003cli\u003eArbitrary code is executed within the context of the Spring AI application, potentially granting the attacker control over the system.\u003c/li\u003e\n\u003cli\u003eFor CVE-2026-40978 (SQL Injection in CosmosDBVectorStore.doDelete()): the attacker crafts a SQL injection payload.\u003c/li\u003e\n\u003cli\u003eThe malicious SQL payload is inserted into the \u003ccode\u003edoDelete()\u003c/code\u003e function via a user-controlled input or API endpoint.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the CosmosDB database, enabling data exfiltration, modification, or deletion.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40967 and CVE-2026-40978 can lead to significant data breaches, unauthorized access to sensitive information, and complete compromise of the Spring AI application. This can impact any sector using Spring AI for AI-powered applications, including finance, healthcare, and government. The impact could range from data theft and ransomware deployment to denial of service and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade Spring AI to version 1.0.6 (for the 1.0.x line) or 1.1.5 (for the 1.1.x line) or later to address CVE-2026-40967 and CVE-2026-40978.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs (category \u003ccode\u003ewebserver\u003c/code\u003e, product \u003ccode\u003elinux\u003c/code\u003e) for suspicious requests targeting Spring AI endpoints, looking for unusual FilterExpression patterns or SQL syntax, to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures within Spring AI applications to prevent FilterExpression injection and SQL injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T12:00:00Z","date_published":"2026-04-28T12:00:00Z","id":"/briefs/2026-04-spring-ai-vulns/","summary":"Spring released security advisories on April 27, 2026, to address a VectorStore FilterExpression Converter injection vulnerability (CVE-2026-40967) and a SQL Injection vulnerability (CVE-2026-40978) in Spring AI versions prior to 1.0.6 and 1.1.5.","title":"Spring AI Vulnerabilities CVE-2026-40967 and CVE-2026-40978","url":"https://feed.craftedsignal.io/briefs/2026-04-spring-ai-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Spring AI (1.0.x \u003c 1.0.6)","version":"https://jsonfeed.org/version/1.1"}