Spring security advisory (AV26-397)
Analysis Summary
# Vulnerability: Critical Injections in Spring AI Framework
## CVE Details
- **CVE ID:** CVE-2026-40967
- **CVSS Score:** Not specified in source (Typically High/Critical for Injection)
- **CWE:** CWE-89 / CWE-94 (Injection)
- **CVE ID:** CVE-2026-40978
- **CVSS Score:** Not specified in source (Typically High for SQLi)
- **CWE:** CWE-89 (SQL Injection)
## Affected Systems
- **Products:** Spring AI
- **Versions:**
  - 1.0.x versions prior to 1.0.6
  - 1.1.x versions prior to 1.1.5
- **Configurations:**
  - For **CVE-2026-40967**: Systems using `VectorStore` with `FilterExpression` converters.
  - For **CVE-2026-40978**: Systems utilizing the `CosmosDBVectorStore` implementation, specifically the `doDelete()` method.
## Vulnerability Description
The advisory covers two primary injection flaws within the Spring AI framework, which is used to integrate Artificial Intelligence models with applications:
1. **VectorStore FilterExpression Converter Injection:** A flaw exists in how filter expressions are converted for vector databases, potentially allowing an attacker to inject malicious code or logic into the query process.
2. **SQL Injection in CosmosDBVectorStore:** A specific vulnerability exists in the `doDelete()` method of the CosmosDB vector store implementation. Input is not properly sanitized before being used in a database query, allowing for SQL injection.
## Exploitation
- **Status:** Not specified (Assume PoC may follow shortly after public disclosure)
- **Complexity:** Medium
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High (Unauthorized data retrieval from vector/SQL databases)
- **Integrity:** High (Potential unauthorized modification or deletion of data)
- **Availability:** Medium (Potential for service disruption via database manipulation)
## Remediation
### Patches
Users are strongly encouraged to upgrade to the following versions:
- **Spring AI 1.0.6** (for users on the 1.0.x branch)
- **Spring AI 1.1.5** (for users on the 1.1.x branch)
### Workarounds
- No specific workarounds were provided in the advisory. Users should prioritize updating the library to a patched version.
## Detection
- **Indicators of compromise:** Monitor database logs (especially CosmosDB) for unusual query syntax or unexpected `DELETE` operations.
- **Detection methods and tools:** Use Static Application Security Testing (SAST) tools to identify vulnerable versions of the Spring AI dependency in project build files (e.g., `pom.xml` or `build.gradle`).
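The dependency-version check described above, as an added example that is not part of the advisory: it parses a constructed `pom.xml` fragment for `org.springframework.ai` dependencies and flags any version below the fixed releases named in the advisory (1.0.6 on the 1.0.x branch, 1.1.5 on the 1.1.x branch). The artifactId in the sample is a placeholder, and versions given as `${property}` references or managed by a BOM are reported as unknown rather than guessed.

```python
import re
import xml.etree.ElementTree as ET

# Fixed versions named in the advisory: 1.0.x -> 1.0.6, 1.1.x -> 1.1.5
FIXED = {(1, 0): (1, 0, 6), (1, 1): (1, 1, 5)}

# Constructed sample pom.xml; the artifactId is a placeholder, not a real Spring AI artifact
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.springframework.ai</groupId>
      <artifactId>spring-ai-example-store</artifactId>
      <version>1.1.4</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>unrelated-lib</artifactId>
      <version>2.0.0</version>
    </dependency>
  </dependencies>
</project>"""

def parse_version(v):
    """'1.1.4' or '1.1.4-SNAPSHOT' -> (1, 1, 4); None for ${property} refs or missing."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v or "")
    return tuple(int(x) for x in m.groups()) if m else None

def is_vulnerable(version):
    """True below the branch fix, False if patched or on another branch, None if undeterminable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    fix = FIXED.get(parsed[:2])
    return parsed < fix if fix else False

def spring_ai_versions(pom_xml):
    """Return {artifactId: version} for every org.springframework.ai dependency."""
    found = {}
    for dep in ET.fromstring(pom_xml).iter():
        if dep.tag.split("}")[-1] != "dependency":   # strip the Maven XML namespace
            continue
        fields = {c.tag.split("}")[-1]: (c.text or "").strip() for c in dep}
        if fields.get("groupId") == "org.springframework.ai":
            found[fields.get("artifactId")] = fields.get("version")
    return found

def report(pom_xml):
    """Map each Spring AI artifact to 'vulnerable', 'patched' or 'unknown'."""
    return {a: {None: "unknown", True: "vulnerable", False: "patched"}[is_vulnerable(v)]
            for a, v in spring_ai_versions(pom_xml).items()}
```

An "unknown" result means the version is resolved elsewhere (a property or a BOM) and should be checked against the resolved dependency tree rather than the raw file.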
## References
- hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/spring-security-advisory-av26-397
- hxxps[://]spring[.]io/security/cve-2026-40967
- hxxps[://]spring[.]io/security/cve-2026-40978
- hxxps[://]spring[.]io/security