CVE-2026-40978 | Vmware Spring AI up to 1.0.5/1.1.4 Document ID CosmosDBVectorStore sql injection

Inserito da Angelo Barbosa | Apr 28, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Vmware Spring AI up to 1.0.5/1.1.4. Affected is the function CosmosDBVectorStore of the component Document ID Handler. This manipulation causes sql injection.

This vulnerability is handled as CVE-2026-40978. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2026-40978 | Vmware Spring AI up to 1.0.5/1.1.4 Document ID CosmosDBVectorStore sql injection

Post correlati

CVE-2024-35667 | WP EasyCart Plugin up to 5.5.19 on WordPress authorization

CVE-2024-6446 | GitLab up to 17.1.6/17.2.4/17.3.1 URL logic error (Issue 470144)

CVE-2025-13431 | SlimStat Analytics Plugin up to 5.3.1 on WordPress args sql injection

CVE-2025-24841 | Six Apart Movable Type MT Block Editor cross site scripting