{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40978", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-04-16T02:19:04.616Z", "datePublished": "2026-04-28T07:18:53.774Z", "dateUpdated": "2026-04-28T12:33:43.541Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-04-28T07:18:53.774Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Allows execution of arbitrary SQL via crafted document IDs, with high impact to confidentiality, integrity, and availability per CVSS v3.1."}]}], "affected": [{"vendor": "Spring", "product": "Spring AI", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.0.6", "versionType": "custom"}, {"status": "affected", "version": "1.1.0", "lessThan": "1.1.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs.\n\nAffected versions:\nSpring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)", "supportingMedia": [{"type": "text/html", "base64": false, "value": "SQL injection vulnerability in Spring AI's <code>CosmosDBVectorStore</code> allows attackers to execute arbitrary SQL queries via crafted document IDs.<br><br>Affected versions:<br>Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)"}]}], "references": [{"url": "https://spring.io/security/cve-2026-40978"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T12:33:34.300132Z", "id": "CVE-2026-40978", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:33:43.541Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40978", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-04-16T02:19:04.616Z", "datePublished": "2026-04-28T07:18:53.774Z", "dateUpdated": "2026-04-28T12:33:43.541Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-04-28T07:18:53.774Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Allows execution of arbitrary SQL via crafted document IDs, with high impact to confidentiality, integrity, and availability per CVSS v3.1."}]}], "affected": [{"vendor": "Spring", "product": "Spring AI", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.0.6", "versionType": "custom"}, {"status": "affected", "version": "1.1.0", "lessThan": "1.1.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs.\n\nAffected versions:\nSpring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)", "supportingMedia": [{"type": "text/html", "base64": false, "value": "SQL injection vulnerability in Spring AI's <code>CosmosDBVectorStore</code> allows attackers to execute arbitrary SQL queries via crafted document IDs.<br><br>Affected versions:<br>Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)"}]}], "references": [{"url": "https://spring.io/security/cve-2026-40978"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40978", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-28T12:33:34.300132Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:33:38.211Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs.\n\nAffected versions:\nSpring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)"}], "id": "CVE-2026-40978", "lastModified": "2026-04-28T09:16:16.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2026-04-28T09:16:16.583", "references": [{"source": "security@vmware.com", "url": "https://spring.io/security/cve-2026-40978"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@vmware.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T12:21:19.185630+00:00", "value": {"mitigation_remediation": ["Upgrade Spring AI to version 1.0.6 or later, or 1.1.5 or later, to apply the vendor\u2011provided fix.", "If an immediate upgrade is not possible, disable or restrict any public\u2011facing APIs that pass user\u2011supplied document IDs to CosmosDBVectorStore until a patch can be applied.", "Implement strict input validation on the document ID field, allowing only alphanumeric characters or a safe subset, and use parameterized queries to eliminate injection risk."], "summary": {"action": "Immediate Patch", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "This issue affects Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4. Users running any of these releases should consider them vulnerable until they upgrade to version 1.0.6 or 1.1.5, where the flaw is fixed.", "description_and_impact": "The vulnerability in the CosmosDBVectorStore component of Spring AI allows an attacker to inject arbitrary SQL statements by manipulating the document ID field. This flaw can be exploited to read, modify, or delete data stored in the underlying Cosmos\u00a0DB, potentially exposing sensitive information or corrupting data. The weakness corresponds to CWE\u201189, a classic SQL injection vulnerability that directly jeopardizes database confidentiality and integrity when accessed by an attacker.", "risk_and_exploitability": "With a CVSS score of 8.8, the vulnerability is deemed high severity. No EPSS score is publicly available, and it is not listed in CISA KEV, indicating no confirmed public exploitation yet. Nevertheless, because the flaw is a remote SQL injection, an attacker can achieve arbitrary database code execution from a remote attacker without authentication, assuming the application accepts user\u2011provided document IDs. The high exploitability score reflects the potential for widespread impact if the application is exposed to untrusted input."}}}}, "created": "2026-04-28T12:30:31.058181+00:00", "title": "SQL Injection via CosmosDBVectorStore Document ID", "updated": "2026-04-28T12:30:31.058193+00:00", "vendors": []}