HIGH SeverityCVSS 3.18.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CVE-2026-41705

Last updated May 09, 2026 · Published May 09, 2026

Description

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 or greater.

Affected products

1 listed

Spring:Spring AI

Mappings

CWE

CWE-917

CAPEC

None listed.

Research

Template InjectionExplains how untrusted input can be executed by template engines on server or client. Covers safe templating…

Training

Injection TodaySQL, NoSQL, ORM, and LLM injection - what's changed and what hasn't.

CVE-2026-41705

Description

Affected products

Mappings

Related