CVE-2026-40967 | Vmware Spring AI up to 1.0.5/1.1.4 Expressions FilterExpressionConverter code injection

Inserito da Angelo Barbosa | Apr 28, 2026 | CVE

A vulnerability, which was classified as critical, was found in Vmware Spring AI up to 1.0.5/1.1.4. This affects the function FilterExpressionConverter of the component Expressions Handler. The manipulation results in code injection.

This vulnerability was named CVE-2026-40967. The attack may be performed from remote. There is no available exploit.

You should upgrade the affected component.

CVE-2026-40967 | Vmware Spring AI up to 1.0.5/1.1.4 Expressions FilterExpressionConverter code injection

Post correlati

CVE-2023-52360 | Huawei HarmonyOS/EMUI Baseband unknown vulnerability

CVE-2024-1706 | ZKTeco ZKBio Access IVS up to 3.3.2 Department Name Search Bar cross site scripting

CVE-2026-33003 | LoadNinja Plugin up to 2.1 on Jenkins Controller File System permission

CVE-2025-54569 | Malwarebytes Binisoft Windows Firewall Control 6.8.1.0/6.9.2.0/6.9.9.2 Installer authorization