SB20260427184 - Multiple vulnerabilities in Spring AI
Published: April 27, 2026
Breakdown by Severity (chart): Low, Medium, High, Critical
Description
This security bulletin contains information about 5 vulnerabilities.
1) Input validation error (CVE-ID: CVE-2026-40966)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation in VectorStoreChatMemoryAdvisor when processing user-supplied conversationId values: the value is incorporated into the vector store filter without being validated. A remote attacker who controls the conversationId can inject crafted filter logic into the memory retrieval query and disclose sensitive information.
Only applications that pass user-supplied input as a conversationId are vulnerable.
2) Injection
CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to alter vector store queries.
The vulnerability exists due to improper neutralization of special elements in various FilterExpressionConverter implementations when translating user-supplied filter expressions into backend-specific queries. A remote attacker can supply crafted filter keys and values to alter the resulting vector store queries.
Only applications that use VectorStore implementations and pass user-supplied input as a filterExpression are vulnerable.
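Both of the issues above have the same root cause: a request-controlled string (a conversationId in the first, a filter key or value in the second) reaches the filter machinery unchecked. The practical mitigation on the application side, independent of the vendor fix, is to refuse anything outside a tight allowlist before it goes anywhere near a filter. The following is an added example written for this bulletin, not Spring AI code; it is plain Java with no Spring dependency, the metadata key names are assumed, and the concatenated filter string at the bottom is constructed for the demonstration rather than being the advisor's actual expression.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Allowlist gate for values that end up inside a vector store filter.
// Pure Java, no Spring AI dependency. Key names are assumed for illustration.
public final class FilterInputGuard {

    // Opaque identifiers only: letters, digits, '-' and '_', bounded length.
    private static final Pattern IDENTIFIER = Pattern.compile("^[A-Za-z0-9_-]{1,64}$");

    // Metadata keys this application filters on (assumed names). The caller
    // never gets to name a column that is not on this list.
    private static final Set<String> ALLOWED_KEYS = Set.of("tenant", "source", "doc_type");

    private FilterInputGuard() {
    }

    /** Returns the conversationId unchanged if it is an opaque identifier, otherwise throws. */
    public static String requireConversationId(String conversationId) {
        if (conversationId == null || !IDENTIFIER.matcher(conversationId).matches()) {
            throw new IllegalArgumentException("invalid conversationId");
        }
        return conversationId;
    }

    /** Filter keys must come from the allowlist, not from the request. */
    public static String requireFilterKey(String key) {
        if (key == null || !ALLOWED_KEYS.contains(key)) {
            throw new IllegalArgumentException("unknown filter key");
        }
        return key;
    }

    /** Filter values are held to the same identifier grammar as conversation ids. */
    public static String requireFilterValue(String value) {
        if (value == null || !IDENTIFIER.matcher(value).matches()) {
            throw new IllegalArgumentException("invalid filter value");
        }
        return value;
    }

    // Why the gate matters: an application that assembles a textual filter by
    // concatenation (Spring AI filter syntax uses ==, && and ||) lets a crafted
    // id close the string literal and append its own predicate, so the query
    // matches other conversations. Constructed for the demo, not the advisor's
    // real expression.
    static String naiveTextFilter(String conversationId) {
        return "conversation_id == '" + conversationId + "'";
    }

    public static void main(String[] args) {
        String crafted = "abc' || tenant != 'none"; // constructed attacker input
        System.out.println(naiveTextFilter(crafted));

        for (String id : List.of("conv-42", crafted)) {
            try {
                System.out.println("accepted: " + requireConversationId(id));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Call requireConversationId at the controller boundary and pass only its return value to the advisor; do the same with requireFilterKey and requireFilterValue before building any filter expression. The allowlist is deliberately narrower than what the filter grammar would tolerate: the goal is to make quotes, operators and whitespace unrepresentable in these positions, not to escape them.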
3) SQL injection (CVE-ID: CVE-2026-40978)
CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to execute arbitrary SQL queries.
The vulnerability exists due to insufficient sanitization of document IDs in CosmosDBVectorStore.doDelete(), which builds the delete query from the supplied IDs. A remote user can supply crafted document IDs to execute arbitrary SQL queries against the Cosmos DB container.
Only applications that use CosmosDBVectorStore and pass user-supplied input as document ids are vulnerable.
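The defensive pattern for this class of bug is to keep IDs out of the query text altogether: bind them as a parameter, or skip the query and point-delete by id and partition key. The following is an added example written for this bulletin using the Azure Cosmos DB Java SDK; it is not Spring AI's CosmosDBVectorStore code. It assumes items store their partition key in a property named "pk" (adjust to the container's own definition), and the character class accepted for document IDs is an assumed policy.

```java
import com.azure.cosmos.CosmosContainer;
import com.azure.cosmos.models.CosmosItemRequestOptions;
import com.azure.cosmos.models.CosmosQueryRequestOptions;
import com.azure.cosmos.models.PartitionKey;
import com.azure.cosmos.models.SqlParameter;
import com.azure.cosmos.models.SqlQuerySpec;
import com.fasterxml.jackson.databind.JsonNode;

import java.util.List;
import java.util.regex.Pattern;

// Deleting documents by ID from a Cosmos DB container without letting the
// IDs touch the query text. Assumes items carry their partition key in a
// property named "pk" (assumed layout; adjust to the container definition).
public final class SafeCosmosDelete {

    private static final Pattern DOC_ID = Pattern.compile("^[A-Za-z0-9_.-]{1,255}$");

    private SafeCosmosDelete() {
    }

    // Vulnerable shape: IDs spliced into the statement. A quote inside an ID
    // ends the literal and the remainder of the ID is parsed as SQL.
    static String concatenatedQuery(List<String> ids) {
        return "SELECT c.id, c.pk FROM c WHERE c.id IN ('" + String.join("','", ids) + "')";
    }

    // Hardened shape: the statement is a constant and the IDs travel as a
    // JSON array bound to @ids, so no ID can change the query's structure.
    static SqlQuerySpec parameterizedQuery(List<String> ids) {
        for (String id : ids) {
            if (id == null || !DOC_ID.matcher(id).matches()) {
                throw new IllegalArgumentException("invalid document id");
            }
        }
        return new SqlQuerySpec(
                "SELECT c.id, c.pk FROM c WHERE ARRAY_CONTAINS(@ids, c.id)",
                new SqlParameter("@ids", ids));
    }

    /** Resolves id/partition-key pairs with the parameterized query, then point-deletes each item. */
    public static int deleteByIds(CosmosContainer container, List<String> ids) {
        int deleted = 0;
        for (JsonNode item : container.queryItems(
                parameterizedQuery(ids), new CosmosQueryRequestOptions(), JsonNode.class)) {
            container.deleteItem(
                    item.get("id").asText(),
                    new PartitionKey(item.get("pk").asText()),
                    new CosmosItemRequestOptions());
            deleted++;
        }
        return deleted;
    }

    public static void main(String[] args) {
        String crafted = "x') OR true OR ('y"; // constructed attacker input
        System.out.println(concatenatedQuery(List.of("doc-1", crafted)));

        SqlQuerySpec spec = parameterizedQuery(List.of("doc-1", "doc-2"));
        System.out.println(spec.getQueryText() + "  with " + spec.getParameters());

        try {
            parameterizedQuery(List.of(crafted));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

If the partition key of each document is already known to the caller, the query step can be dropped entirely and deleteItem called per id, which leaves no SQL for an attacker to influence. The regex check is belt-and-braces on top of parameterization, not a substitute for it.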
4) Incorrect permission assignment for critical resource (CVE-ID: CVE-2026-40979)
CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disclose the ONNX model used by the application and modify cached model data.
The vulnerability exists due to improper access control in the ONNX model cache: the default cache location is a predictable path under the world-writable /tmp directory. A local user can read or replace files in that directory to disclose the ONNX model used by the application or modify the cached model data that the application later loads.
Only applications that use TransformersEmbeddingModel with caching enabled and the default cache location are affected.
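Beyond applying the fix, the durable control is to point the cache at a directory that only the application's user can reach and to verify that property before trusting anything in it. The following is an added example written for this bulletin, not Spring AI code: it creates the directory with mode 0700 at creation time (so there is no chmod window to race) and then refuses to use it if it turns out to be a symlink, owned by someone else, or group/world-writable. The per-user path in main is an assumed choice; whichever path you pick has to be configured as the cache directory in the application's Spring AI settings (check the property name for the version you run).

```java
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.nio.file.attribute.UserPrincipal;
import java.util.EnumSet;
import java.util.Set;

// Create-or-verify a model cache directory that only the current user can
// read or write, and refuse a directory someone else could have pre-created
// (symlink, foreign owner, group or world write bit).
public final class PrivateModelCache {

    private static final Set<PosixFilePermission> OWNER_ONLY = EnumSet.of(
            PosixFilePermission.OWNER_READ,
            PosixFilePermission.OWNER_WRITE,
            PosixFilePermission.OWNER_EXECUTE);

    private PrivateModelCache() {
    }

    /** Returns the directory once it exists with mode 0700 and is owned by the running user; throws otherwise. */
    public static Path prepare(Path dir) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            throw new IOException("no POSIX permissions on this filesystem; use a dedicated ACL-protected directory");
        }
        if (Files.notExists(dir, LinkOption.NOFOLLOW_LINKS)) {
            // Mode is applied at creation, so there is no chmod window to race.
            Files.createDirectories(dir, PosixFilePermissions.asFileAttribute(OWNER_ONLY));
        }
        // Never follow links: a symlink planted at the expected path would
        // otherwise redirect the cache into an attacker-controlled directory.
        if (Files.isSymbolicLink(dir) || !Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) {
            throw new IOException("cache path is not a plain directory: " + dir);
        }
        UserPrincipal owner = Files.getOwner(dir, LinkOption.NOFOLLOW_LINKS);
        UserPrincipal self = dir.getFileSystem().getUserPrincipalLookupService()
                .lookupPrincipalByName(System.getProperty("user.name"));
        if (!owner.equals(self)) {
            throw new IOException("cache directory owned by " + owner + ", not " + self);
        }
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(dir, LinkOption.NOFOLLOW_LINKS);
        if (perms.contains(PosixFilePermission.GROUP_WRITE) || perms.contains(PosixFilePermission.OTHERS_WRITE)) {
            throw new IOException("cache directory is group- or world-writable: " + dir);
        }
        return dir;
    }

    public static void main(String[] args) throws IOException {
        // A per-user location (assumed choice) instead of the shared, predictable /tmp path.
        Path cache = Path.of(System.getProperty("user.home"), ".cache", "onnx-models");
        System.out.println("using " + prepare(cache));
    }
}
```

Run prepare once at startup, before the embedding model is constructed, and fail closed if it throws: a cache the application cannot vouch for is a model-substitution vector, not a performance feature. On Windows or non-POSIX volumes the same intent is expressed with an ACL restricted to the service account.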
5) Uncontrolled Memory Allocation (CVE-ID: CVE-2026-40980)
CWE-ID: CWE-789 - Uncontrolled Memory Allocation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to uncontrolled memory allocation in ForkPDFLayoutTextStripper when processing a crafted PDF file. A remote user can supply a malicious PDF file that triggers excessive memory allocation and causes a denial of service.
Only applications that use ForkPDFLayoutTextStripper and pass user-supplied input to DocumentReaders are vulnerable.
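Applications that ingest user-supplied documents should impose their own limits regardless of which parser is underneath. The following is an added example written for this bulletin, not Spring AI or PDFBox code: cheap pre-checks (a size cap and a header check) run before any parser sees the bytes, and the reader itself runs on a separate thread under a wall-clock budget. It uses only the JDK; the 20 MB limit is an assumed policy, and the stand-in reader in main is constructed to demonstrate the timeout firing. Spring AI's DocumentReader is a Supplier of a document list, so it can be handed to readWithTimeout directly (assumed; confirm against the version you run).

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.time.Duration;
import java.util.Arrays;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.function.Supplier;

// Bounds on what an uploaded PDF may cost before and during parsing.
public final class BoundedPdfIngest {

    private static final long MAX_BYTES = 20L * 1024 * 1024; // assumed policy limit
    private static final byte[] PDF_MAGIC = "%PDF-".getBytes(StandardCharsets.US_ASCII);

    private BoundedPdfIngest() {
    }

    /** Pre-checks that run before any parser touches the bytes: size cap and header. */
    public static Path checkUpload(Path file) throws IOException {
        long size = Files.size(file);
        if (size == 0 || size > MAX_BYTES) {
            throw new IllegalArgumentException("PDF size out of bounds: " + size + " bytes");
        }
        byte[] head = new byte[PDF_MAGIC.length];
        try (InputStream in = Files.newInputStream(file)) {
            if (in.readNBytes(head, 0, head.length) != head.length || !Arrays.equals(head, PDF_MAGIC)) {
                throw new IllegalArgumentException("missing %PDF- header");
            }
        }
        return file;
    }

    /** Runs a reader on its own daemon thread with a wall-clock limit, so one hostile file cannot pin a request thread. */
    public static <T> T readWithTimeout(Supplier<T> reader, Duration limit)
            throws TimeoutException, InterruptedException {
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "pdf-ingest");
            t.setDaemon(true);
            return t;
        });
        try {
            Future<T> future = pool.submit(reader::get);
            try {
                return future.get(limit.toMillis(), TimeUnit.MILLISECONDS);
            } catch (ExecutionException e) {
                throw new IllegalStateException("reader failed", e.getCause());
            } catch (TimeoutException e) {
                future.cancel(true); // best effort: a parser that ignores interrupts keeps running
                throw e;
            }
        } finally {
            pool.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in: a file with a PDF header but no real content.
        Path tmp = Files.createTempFile("upload", ".pdf");
        Files.write(tmp, "%PDF-1.7\n%constructed sample, not a parseable document\n"
                .getBytes(StandardCharsets.US_ASCII));
        System.out.println("pre-checks passed for " + checkUpload(tmp));

        // Stand-in reader that never finishes within budget, to show the limit firing.
        Supplier<String> stuckReader = () -> {
            try {
                Thread.sleep(Duration.ofSeconds(10).toMillis());
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
            return "done";
        };
        try {
            readWithTimeout(stuckReader, Duration.ofMillis(200));
        } catch (TimeoutException e) {
            System.out.println("reader exceeded its time budget and was cancelled");
        } finally {
            Files.deleteIfExists(tmp);
        }
    }
}
```

A timeout bounds wall time, not peak heap: an allocation spike inside the stripper still lands in the same JVM, and cancel(true) only helps if the parser checks for interrupts. Where documents come from untrusted users, parse them in a separate worker process or container with a hard memory limit so that an out-of-memory condition kills the worker rather than the application, and apply the vendor update.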
Remediation
Install the update from the vendor's website.