PT-2026-39225

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.6 Spring AI versions 1.1.0 through 1.1.5 Description The doDeleteList function in the MilvusVectorStore implementation is susceptible to filter-expression injection. This occurs because document IDs are not...

This Week in Spring - May 5th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 5th, 2026, and I'm in Mainz, Germany, for the legendary JAX conference! It's been infinitely far too long since I've been at this amazing show, and I'm oh-so happy to be back here! Tonight, after my two talks here, I...

Spring AI 1.0.x < 1.0.6 / 1.1.x < 1.1.5 Multiple Vulnerabilities

The version of Spring AI installed on the remote host is 1.0.x prior to 1.0.6 or 1.1.x prior to 1.1.5. It is, therefore, affected by multiple vulnerabilities, including: - A SQL injection vulnerability in CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document...

EUVD-2026-16537

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...

CVE-2026-22744

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters.This issue affects Spring AI: from 1.0.0 before 1.0....

CVE-2026-22744

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters.This issue affects Spring AI: from 1.0.0 before 1.0....