CVE-2026-40967 | Vmware Spring AI up to 1.0.5/1.1.4 Expressions FilterExpressionConverter code injection

Inserito da Angelo Barbosa | Apr 28, 2026 | CVE

A vulnerability, which was classified as critical, was found in Vmware Spring AI up to 1.0.5/1.1.4. This affects the function FilterExpressionConverter of the component Expressions Handler. The manipulation results in code injection.

This vulnerability was named CVE-2026-40967. The attack may be performed from remote. There is no available exploit.

You should upgrade the affected component.

CVE-2026-40967 | Vmware Spring AI up to 1.0.5/1.1.4 Expressions FilterExpressionConverter code injection

Post correlati

CVE-2024-56258 | WPBlockArt Magazine Blocks Plugin up to 1.3.20 on WordPress cross site scripting

CVE-2024-34075 | xiboon kurwov up to 3.2.4 MarkovData#getNext deserialization

CVE-2025-12529 | Cost Calculator Builder Plugin up to 3.6.3 on WordPress deleteOrdersFiles

CVE-2024-10427 | Codezips Pet Shop Management System 1.0 /deleteanimal.php t1 sql injection