Spring AI FilterExpressionConverter Injection Vulnerability

Vulnerability

Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4 ship FilterExpressionConverter implementations that do not properly escape the keys and values of a filter expression when translating it into the native query language of a particular vector store. Unescaped content can therefore change the query that is sent to the store. Applications are affected when they use a VectorStore implementation and build a filter expression from user-supplied input.

Impact

An attacker who controls input that reaches a filter expression can alter the query the vector store executes, injecting additional conditions or otherwise manipulating which documents are matched and returned.

Remediation

Applications on the 1.0.x line should upgrade to 1.0.6; applications on the 1.1.x line should upgrade to 1.1.5. Confirm the resolved version of the Spring AI artifacts in the build (for example with mvn dependency:tree or gradle dependencies), since a BOM or a transitive dependency may pin an older release. Until the upgrade is deployed, do not build filter expressions from unvalidated user input: never let callers choose the metadata keys, and validate values before they are placed in a filter.
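The pattern the advisory warns about, next to a hardened variant, as an added example that is not Spring AI project code. It assumes the Spring AI 1.x public API (FilterExpressionBuilder, FilterExpressionTextParser, SearchRequest.builder() and VectorStore.similaritySearch); the class name FilteredSearch, the allowlisted metadata keys and the SAFE_VALUE pattern are the example's own choices. On a vulnerable release both methods hand their expression to a converter that may not escape it, so the hardened version rejects characters that could break out of a quoted value instead of relying on the converter.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

import org.springframework.ai.document.Document;
import org.springframework.ai.vectorstore.SearchRequest;
import org.springframework.ai.vectorstore.VectorStore;
import org.springframework.ai.vectorstore.filter.Filter;
import org.springframework.ai.vectorstore.filter.FilterExpressionBuilder;
import org.springframework.ai.vectorstore.filter.FilterExpressionTextParser;

/**
 * Added example, not Spring AI code. Contrasts an unsafe filtered search
 * (user input concatenated into filter text) with a hardened one (keys
 * allowlisted, values validated, expression built with the typed builder).
 * Upgrading to 1.0.6 / 1.1.5 is still required; this is defence in depth.
 */
public class FilteredSearch {

    // Assumption: these are the metadata keys the application stores on its documents.
    private static final Set<String> ALLOWED_KEYS = Set.of("tenant", "category", "year");

    // Assumption: legitimate metadata values are short, plain identifiers. Quotes,
    // backslashes and operator characters are rejected outright, so a converter
    // that fails to escape them never sees them.
    private static final Pattern SAFE_VALUE = Pattern.compile("^[A-Za-z0-9_-]{1,64}$");

    private final VectorStore vectorStore;

    public FilteredSearch(VectorStore vectorStore) {
        this.vectorStore = vectorStore;
    }

    /**
     * Unsafe: the request value is spliced into filter text. A value containing a
     * quote can change the expression at parse time, and on a vulnerable release
     * the converter may pass it unescaped into the store's native query as well.
     */
    public List<Document> searchUnsafe(String query, String tenantFromRequest) {
        Filter.Expression filter = new FilterExpressionTextParser()
                .parse("tenant == '" + tenantFromRequest + "'");
        return vectorStore.similaritySearch(SearchRequest.builder()
                .query(query)
                .topK(5)
                .filterExpression(filter)
                .build());
    }

    /**
     * Hardened: keys must be on the allowlist, values must match SAFE_VALUE, and
     * the expression is assembled with FilterExpressionBuilder rather than text.
     */
    public List<Document> searchSafe(String query, Map<String, String> userFilters) {
        FilterExpressionBuilder b = new FilterExpressionBuilder();
        FilterExpressionBuilder.Op combined = null;

        for (Map.Entry<String, String> entry : userFilters.entrySet()) {
            String key = entry.getKey();
            String value = entry.getValue();
            if (!ALLOWED_KEYS.contains(key)) {
                throw new IllegalArgumentException("filter key not permitted: " + key);
            }
            if (value == null || !SAFE_VALUE.matcher(value).matches()) {
                throw new IllegalArgumentException("filter value rejected for key: " + key);
            }
            FilterExpressionBuilder.Op term = b.eq(key, value);
            combined = (combined == null) ? term : b.and(combined, term);
        }

        SearchRequest.Builder request = SearchRequest.builder().query(query).topK(5);
        if (combined != null) {
            request.filterExpression(combined.build());
        }
        return vectorStore.similaritySearch(request.build());
    }
}
```

Rejecting rather than escaping is deliberate: which characters a given converter mishandles depends on the backing store's query language, so an allowlist of plain identifiers is the only validation that holds across all of them. A caller that genuinely needs richer values should apply the upgrade and keep the key allowlist, since user-chosen keys are never legitimate input.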

Added: Apr 28, 2026, 7:30 AM
Updated: Apr 28, 2026, 7:30 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          1.3
exploitability  7.4
remediation     0.0
relevance       6.9
threat          0.0
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.