What is the CVSS score of CVE-2026-40967?

CVE-2026-40967 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Spring AI are affected by CVE-2026-40967?

Spring AI versions 1.0.0-1.0.5 and 1.1.0-1.1.4 contain a filter expression injection vulnerability that allows unauthenticated remote attackers to manipulate vector store queries and potentially…. A patch is available.

Spring AI CVE-2026-40967

EUVD-2026-25994 HIGH

Code Injection (CWE-94)

2026-04-28 vmware

GHSA-qc4j-qjqx-vr58

RCE Java Code Injection

8.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch released

Apr 29, 2026 - 19:04 nvd

Patch available

Apr 28, 2026 - 08:01 EUVD

Analysis Updated

Apr 28, 2026 - 07:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 28, 2026 - 07:22 vuln.today

cvss_changed

CVSS changed

Apr 28, 2026 - 07:22 NVD

8.2 (HIGH) 8.6 (HIGH)

Analysis Generated

Apr 28, 2026 - 06:45 vuln.today

EUVD ID Assigned

Apr 28, 2026 - 06:30 euvd

EUVD-2026-25994

Analysis Generated

Apr 28, 2026 - 06:30 vuln.today

CVE Published

Apr 28, 2026 - 06:03 nvd

HIGH 8.6

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

162 maven packages depend on org.springframework.ai:spring-ai-vector-store (35 direct, 127 indirect)

Ecosystem-wide dependent count for version 1.0.0.

DescriptionNVD

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query.

Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

AnalysisAI

Filter expression injection in Spring AI 1.0.0-1.0.5 and 1.1.0-1.1.4 allows remote unauthenticated attackers to manipulate vector store queries through unescaped keys and values in FilterExpressionConverter implementations. The vulnerability enables query language injection across multiple vector database backends, potentially exposing sensitive data (CVSS:C:H) and modifying query results (CVSS:I:L). …

RemediationAI

Within 24 hours: Inventory all applications using Spring AI and identify those running versions 1.0.0-1.0.5 or 1.1.0-1.1.4. Within 7 days: Upgrade to Spring AI 1.0.6 or 1.1.5 (or later); prioritize production systems exposing filter parameters to end users. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-40967 vulnerability details – vuln.today

Back