Every CVE whose affected-product data names Vmware Spring Ai, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2026-22738 — CVSS 9.8 (critical): In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A…
CVE-2026-22730 — CVSS 8.8 (high): A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access…
CVE-2026-40978 — CVSS 8.8 (high): SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document…
CVE-2026-47835 — CVSS 8.6 (high): In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and…
CVE-2026-22742 — CVSS 8.6 (high): Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing…
CVE-2026-40967 — CVSS 8.6 (high): In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector…
CVE-2026-41705 — CVSS 8.6 (high): Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs…
CVE-2026-22729 — CVSS 8.6 (high): A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based…
CVE-2026-41713 — CVSS 8.2 (high): A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way…
CVE-2026-41712 — CVSS 7.5 (high): Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data…
CVE-2026-22743 — CVSS 7.5 (high): Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled…
CVE-2026-22744 — CVSS 7.5 (high): In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field…
CVE-2026-40980 — CVSS 6.5 (medium): In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by…
CVE-2026-41863 — CVSS 6.5 (medium): Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This…
CVE-2026-40979 — CVSS 6.1 (medium): In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0…
CVE-2026-40966 — CVSS 5.9 (medium): In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including…