CVE-2026-41705EXPLOITEDPATCHED

spring-projects · spring-ai

CVE-2026-41705: Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized

Description

Expression injection in MilvusVectorStore doDelete allows data destruction

Affected Products

Vendor	Product	Versions
spring-projects	spring-ai	1.0.0, 1.1.0, 1.0.6, 1.1.5

References

https://spring.io/security/cve-2026-41705

Related News (3 articles)

Tier B

CCCS Canada4h ago

Spring security advisory (AV26-443)

→ No new info (linked only)

Tier B

CERT-FR20h ago

Multiples vulnérabilités dans les produits Spring (11 mai 2026)

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2026-41705 | Spring AI up to 1.0.6/1.1.5 MilvusVectorStore#doDelete expression language injection

→ No new info (linked only)

CVSS 3.18.6 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

1.0.71.1.6

CWECWE-917

PublishedMay 9, 2026

Last enriched3h agov3

Trending Score64

Source articles3

Independent3

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

Vulnerability Timeline

CVE Published

May 9, 2026

Discovered by ZDM

May 9, 2026

Actively Exploited

May 9, 2026

Exploit Available

May 9, 2026

Patch Available

May 9, 2026

Updated: affectedVersions, severity, activelyExploited

May 9, 2026

Updated: description, exploitAvailable

May 11, 2026

Version History

Last enriched 3h ago

v3Tier B3h ago

Updated description to specify that the vulnerability allows data destruction and marked exploit availability as true.

descriptionexploitAvailable

via CCCS Canada

v2Tier C2d ago

Updated affected versions to 1.0.6 and 1.1.5, changed severity to CRITICAL, and noted that no exploit is available.

affectedVersionsseverityactivelyExploited

via VulDB

v12d ago

Initial creation

CVE-2026-41705: Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized

Description

Affected Products

References

Related News (3 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline

Version History