CVE-2026-41705 | Spring AI up to 1.0.6/1.1.5 MilvusVectorStore#doDelete expression language injection

May 9, 2026 Yanac

A vulnerability has been found in Spring AI up to 1.0.6/1.1.5 and classified as critical. The affected element is the function MilvusVectorStore#doDelete. Performing a manipulation results in improper neutralization of special elements used in an expression language statement.

This vulnerability is cataloged as CVE-2026-41705. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More