com.thecookiezen:archiledger-core (>=0.0.4 <=0.0.5), io.github.massimilianopili:mcp-vector-tools (=0.3.1) +1 more potentially affected by CVE-2026-40979 via org.springframework.ai:spring-ai-transformers (>=1.1.0 <=1.1.4)
org.springframework.ai:spring-ai-transformers MAVEN version =1.1.0, =0.0.4, =1.1.0, =1.1.4 Source cves: CVE-2026-40979 Source advisory: OSV:GHSA-R5HP-3CGJ-J6XV...
org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.1.0 <=1.1.4)
org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.1.0, =1.1.0, =1.1.4 Source cves: CVE-2026-40978 Source advisory: OSV:GHSA-63C8-M9M2-CVR3...
com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-memory-long (>=1.1.0.0 <=1.1.2.2-retriever2), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (>=1.1.0.0 <=1.1.2.2-retriever2) +5 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.1.0 <=1.1.4)
org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.1.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =0.0.6, =4.17.0, =4.17.0, =4.20.0 - org.vrspace:server =0.8.7 Source cves: CVE-2026-40966 Source advisory: OSV:GHSA-V6X6-PJXW-3PV2...
com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (=1.0.0.4) +2 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.0.0 <=1.0.1)
org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.0.0, =1.0.0.1, =1.0.0.3-20260305-cve Source cves: CVE-2026-40966 Source advisory: OSV:GHSA-V6X6-PJXW-3PV2...
GHSA-QC4J-QJQX-VR58 Spring AI has a VectorStore FilterExpression Converter injection
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
ai.driftkit:driftkit-vector-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-vector-spring-ai-starter (>=0.6.0 <=0.8.7) +176 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-vector-store (>=1.0.0 <=1.0.5)
org.springframework.ai:spring-ai-vector-store MAVEN version =1.0.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0.1, =1.0.0.1, =1.0.0.3, =1.0.0.3, =1.0.0.1, =1.0.0.4 - com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-nacos-mcp-client =1.0.0.1 and more Source cves:...
ai.koog:koog-spring-ai-starter-vector-store (>=0.8.0 <=0.8.0-rc-1), ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6) +237 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-vector-store (>=1.1.0 <=1.1.4)
org.springframework.ai:spring-ai-vector-store MAVEN version =1.1.0, =0.8.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =25.4.0, =1.21.2, =0.1.0, =0.3.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.1.2.2-retriever2 and more Source cves: CVE-2026-40967 Source advisory: OSV:GHSA-QC4J-QJQX-VR58...
Spring AI has a VectorStore FilterExpression Converter injection
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
CVE-2026-40978
SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
CVE-2026-40978
Summary: CVE-2026-40978 is a SQL injection vulnerability in Spring AI’s CosmosDBVectorStore. Affected versions: Spring AI 1.0.0–1.0.5 (fixed in 1.0.6) and 1.1.0–1.1.4 (fixed in 1.1.5). Issue: Attackers can trigger arbitrary SQL queries via crafted document IDs, enabling high-severity impact as pe...
EUVD-2026-26011
SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
CVE-2026-40967
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
EUVD-2026-26002
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...
CVE-2026-40966 VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...
CVE-2026-40967
Summary: CVE-2026-40967 affects Spring AI 1.0.0–1.0.5 (fix in 1.0.6) and 1.1.0–1.1.4 (fix in 1.1.5). In several FilterExpressionConverter implementations, filter expression keys/values aren’t properly escaped, enabling an attacker to alter vector store queries. This could impact query integrity ...
CVE-2026-40967
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
Spring Boot's PID file write follows symlinks at predictable default path
When an application is configured to use ApplicationPidFileWriter, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16,...
CVE-2026-38948
A Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code...
PT-2026-35667
Name of the Vulnerable Software and Affected Versions: Spring AI versions 1.0.0 through 1.0.5; Spring AI versions 1.1.0 through 1.1.4. Description: Various FilterExpressionConverter implementations fail to properly escape keys and values when translating filter expression objects into specific vector...
FUEL CMS cross-site scripting vulnerability
FUEL CMS is a content management system (CMS) developed by David McReynolds using the CodeIgniter framework. Versions of FUEL CMS prior to 1.5.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the asset upload feature not properly cleaning up uploaded SVG files, allowing...