
=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN438
_____________________________________________________________________

DATE                : 28/04/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Spring AI versions
                     prior to 1.0.6, 1.1.5.

=====================================================================
https://spring.io/security/cve-2026-40967/
https://spring.io/security/cve-2026-40978/
https://spring.io/security/cve-2026-40979/
https://spring.io/security/cve-2026-40980/
https://spring.io/security/cve-2026-40966/
_____________________________________________________________________

CVE-2026-40967: VectorStore FilterExpression Converter injection
HIGH | APRIL 27, 2026 | CVE-2026-40967

Description

In Spring AI, the various FilterExpressionConverter implementations
accept a filter expression object and translate it into the query
language of a specific vector store. In several cases, keys and
values are not properly escaped, which allows the resulting query to
be altered.

Only applications that use VectorStore implementations and pass
user-supplied input as a filterExpression are affected.


Affected Spring Products and Versions

Spring AI:

    1.0.0 - 1.0.x
    1.1.0 - 1.1.x


Mitigation

Users of affected versions should upgrade to the corresponding
fixed version.


Affected version(s)   Fix version   Availability
1.0.x                 1.0.6         OSS
1.1.x                 1.1.5         OSS

No further mitigation steps are necessary.


Credit

The issue was reported responsibly by

    Quan Le of Unit 515 from OPSWAT @aleister1102
    Cantina's AppSec agent, Apex (https://www.cantina.security/)
    @Evil-Squirt1e
    Bofei Chen @qxyuan853
    Andrew Orr at Tenable
    @blindhacker99 - https://x.com/ph0smet
    ChenPeng [Ant Group]
    SharlongWen
    @wo1enca1ca1
    Meriem BELHORA @MeryBelh
    @rockmelodies
    Hyunwoo Kim (@V4bel)
    Yu Bao August829 - [email protected] - who works for paypal.com


References

    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?version=3.1&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L



_____________________________________________________________________

CVE-2026-40978: SQL Injection in CosmosDBVectorStore.doDelete()
HIGH | APRIL 27, 2026 | CVE-2026-40978

Description

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows
attackers to execute arbitrary SQL queries via crafted document IDs.

Only applications that use CosmosDBVectorStore and pass user-supplied
input as document ids are affected.


Affected Spring Products and Versions

Spring AI:

    1.0.0 - 1.0.x
    1.1.0 - 1.1.x

Mitigation

Users of affected versions should upgrade to the corresponding fixed
version.


Affected version(s)   Fix version   Availability
1.0.x                 1.0.6         OSS
1.1.x                 1.1.5         OSS

No further mitigation steps are necessary.


Credit

The issue was reported responsibly by

    SharlongWen

References

    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?version=3.1&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

_____________________________________________________________________

CVE-2026-40979: ONNX model cache defaults to world-writable
predictable /tmp directory

MODERATE | APRIL 27, 2026 | CVE-2026-40979

Description

In Spring AI, having access to a shared environment can expose the
ONNX model used by the application.

Only applications that use TransformersEmbeddingModel and have the
cache enabled, using the default location, are affected.
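Added example (not from the advisory or the Spring AI project) showing the hardening the CVE-2026-40979 description implies: point the TransformersEmbeddingModel resource cache at an owner-only directory instead of the default location under the shared temp directory. It assumes the setResourceCacheDirectory(String) setter documented for TransformersEmbeddingModel and a POSIX filesystem; PrivateOnnxCache is a hypothetical class name.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;

import org.springframework.ai.transformers.TransformersEmbeddingModel;

public final class PrivateOnnxCache {

    // Cache under the application's own home, not the shared /tmp, and restrict
    // it to the owner (rwx------) so other local users cannot read or replace
    // the downloaded ONNX model.
    static Path privateCacheDir() throws IOException {
        Path dir = Path.of(System.getProperty("user.home"), ".spring-ai", "onnx-cache");
        Files.createDirectories(dir, PosixFilePermissions.asFileAttribute(
                PosixFilePermissions.fromString("rwx------")));
        // createDirectories leaves existing permissions alone, so enforce them explicitly.
        Files.setPosixFilePermissions(dir, PosixFilePermissions.fromString("rwx------"));
        return dir;
    }

    // Assumed setter: setResourceCacheDirectory overrides the default cache location.
    static TransformersEmbeddingModel embeddingModel() throws Exception {
        TransformersEmbeddingModel model = new TransformersEmbeddingModel();
        model.setResourceCacheDirectory(privateCacheDir().toString());
        model.afterPropertiesSet();
        return model;
    }
}
```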

Affected Spring Products and Versions

Spring AI:

    1.0.0 - 1.0.x
    1.1.0 - 1.1.x


Mitigation

Users of affected versions should upgrade to the corresponding
fixed version.

Affected version(s)   Fix version   Availability
1.0.x                 1.0.6         OSS
1.1.x                 1.1.5         OSS

No further mitigation steps are necessary.

References

    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?version=3.1&vector=AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

_____________________________________________________________________

CVE-2026-40980: OOM by attacker-controlled PDF
MODERATE | APRIL 27, 2026 | CVE-2026-40980

Description

In Spring AI, a malicious PDF file can be crafted that triggers the
allocation of unreasonable amounts of memory when handled by
ForkPDFLayoutTextStripper.

Only applications that use ForkPDFLayoutTextStripper and pass
user-supplied input to DocumentReaders are affected.

Affected Spring Products and Versions


Spring AI:

    1.0.0 - 1.0.x
    1.1.0 - 1.1.x

Mitigation

Users of affected versions should upgrade to the corresponding fixed
version.

Affected version(s)   Fix version   Availability
1.0.x                 1.0.6         OSS
1.1.x                 1.1.5         OSS

No further mitigation steps are necessary.


References

    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?version=3.1&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

_____________________________________________________________________

CVE-2026-40966: VectorStoreChatMemoryAdvisor conversation scoping
can lead to cross-tenant memory exfiltration

MODERATE | APRIL 27, 2026 | CVE-2026-40966

Description

In Spring AI, an attacker can bypass conversation isolation and
exfiltrate sensitive memory from other users’ chat histories,
including secrets and credentials, by injecting filter logic
through conversationId.

Only applications that use VectorStoreChatMemoryAdvisor and
pass user-supplied input as a conversationId are affected.
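Added example (not from the advisory or the Spring AI project) of the defender-side pattern for CVE-2026-40966 above and CVE-2026-40967 earlier in this note: derive or allowlist the conversationId on the server and pass metadata filters as typed FilterExpressionBuilder nodes, so request text never becomes filter syntax. Upgrading remains the fix; ScopedMemoryExample and its methods are hypothetical names, only the imported Spring AI types are real.

```java
import java.util.UUID;
import java.util.regex.Pattern;
import org.springframework.ai.chat.client.ChatClient;
import org.springframework.ai.chat.client.advisor.vectorstore.VectorStoreChatMemoryAdvisor;
import org.springframework.ai.chat.memory.ChatMemory;
import org.springframework.ai.vectorstore.SearchRequest;
import org.springframework.ai.vectorstore.VectorStore;
import org.springframework.ai.vectorstore.filter.Filter;
import org.springframework.ai.vectorstore.filter.FilterExpressionBuilder;

public final class ScopedMemoryExample {
    // Shape of the ids this application issues itself (UUID text form). A request
    // value that does not match is rejected before it reaches any filter expression.
    private static final Pattern UUID_TEXT = Pattern.compile(
            "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$");

    static String requireIssuedId(String raw) {
        if (raw == null || !UUID_TEXT.matcher(raw).matches()) {
            throw new IllegalArgumentException("conversationId rejected by allowlist");
        }
        return raw;
    }

    // Preferred: the caller never chooses the id. It is derived from the authenticated
    // principal and a server-side session, so one tenant cannot name another's scope.
    static String conversationIdFor(String authenticatedUser, UUID serverSession) {
        return UUID.nameUUIDFromBytes((authenticatedUser + ":" + serverSession).getBytes()).toString();
    }

    // Metadata filters go through FilterExpressionBuilder as typed key/value nodes rather
    // than concatenated text; tenantId is expected to have passed an allowlist upstream.
    static SearchRequest tenantScopedSearch(String question, String tenantId) {
        FilterExpressionBuilder b = new FilterExpressionBuilder();
        Filter.Expression onlyThisTenant = b.eq("tenant", tenantId).build();
        return SearchRequest.builder().query(question).topK(5)
                .filterExpression(onlyThisTenant).build();
    }

    static String answer(ChatClient chatClient, VectorStore vectorStore,
                         String authenticatedUser, UUID serverSession, String question) {
        String conversationId = conversationIdFor(authenticatedUser, serverSession);
        return chatClient.prompt()
                .user(question)
                .advisors(VectorStoreChatMemoryAdvisor.builder(vectorStore).build())
                .advisors(a -> a.param(ChatMemory.CONVERSATION_ID, conversationId))
                .call()
                .content();
    }
}
```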


Affected Spring Products and Versions

Spring AI:

    1.0.0 - 1.0.x
    1.1.0 - 1.1.x


Mitigation

Users of affected versions should upgrade to the corresponding
fixed version.

Affected version(s)   Fix version   Availability
1.0.x                 1.0.6         OSS
1.1.x                 1.1.5         OSS

No further mitigation steps are necessary.


Credit

The issue was reported responsibly by

    Jinyeong Seol Seol-JY
    Cantina's AppSec agent, Apex (https://www.cantina.security)


References

    https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?version=3.1&vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================