What is the CVSS score of CVE-2026-41705?

CVE-2026-41705 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Spring AI are affected by CVE-2026-41705?

Spring AI's MilvusVectorStore contains a filter-expression injection vulnerability (CVE-2026-41705) that allows unauthenticated remote attackers to manipulate vector database queries, potentially…. A patch is available.

Spring AI CVE-2026-41705

EUVD-2026-28875 HIGH

Improper Neutralization of Special Elements used in an Expression Language Statement (CWE-917)

2026-05-09 vmware

GHSA-v632-2m87-7469

Java Code Injection

8.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch available

May 09, 2026 - 02:16 EUVD

Analysis Generated

May 09, 2026 - 01:31 vuln.today

CVE Published

May 09, 2026 - 00:34 nvd

HIGH 8.6

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

2 maven packages depend on org.springframework.ai:spring-ai-milvus-store (1 direct, 1 indirect)
1 maven packages depend on org.springframework.ai:spring-ai-typesense-store (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 1.0.0 and other introduced versions.

DescriptionNVD

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 or greater.

AnalysisAI

Filter-expression injection in Spring AI's MilvusVectorStore allows remote unauthenticated attackers to manipulate vector database queries by injecting malicious filter expressions through unsanitized document IDs. Affects Spring AI 1.0.0-1.0.6 and 1.1.0-1.1.5. …

RemediationAI

Within 24 hours: Identify all applications running Spring AI 1.0.0-1.0.6 or 1.1.0-1.1.5 using MilvusVectorStore and isolate them from untrusted networks if possible. Within 7 days: Upgrade to Spring AI 1.0.7 or 1.1.6 (vendor-released patches). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41705 vulnerability details – vuln.today

Back