## CVE-2026-41705: Spring AI MilvusVectorStore Flaw Enables Filter-Expression Injection via Unsanitized Document IDs
A high-severity vulnerability has been identified in Spring AI's MilvusVectorStore component, exposing applications to filter-expression injection attacks. Tracked as CVE-2026-41705 with a CVSS score of 8.6, the flaw resides in the doDelete(List) implementation, where unsanitized document IDs are passed directly into filter expressions without proper input validation.
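As an added illustration, not Spring AI's own code and not the patched implementation, the Java class below contrasts the pattern the advisory describes (document IDs concatenated straight into a Milvus `in [...]` filter expression) with an allow-list check that rejects any ID capable of altering the expression's structure. The field name `doc_id`, the method names and the sample IDs are assumptions made for this example.

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public final class MilvusDeleteFilterExample {

    // Assumed ID field name; the page does not state the field the real store uses.
    static final String ID_FIELD = "doc_id";

    // Vulnerable pattern: each ID is wrapped in quotes and concatenated with no
    // validation, so a quote or operator inside an ID becomes part of the expression.
    static String buildFilterUnsafe(List<String> ids) {
        String quoted = ids.stream()
                .map(id -> "\"" + id + "\"")
                .collect(Collectors.joining(", "));
        return ID_FIELD + " in [" + quoted + "]";
    }

    // Allow-list: only characters that can never terminate a string literal or
    // introduce an operator. Adjust the set to the ID format your application issues.
    private static final Pattern SAFE_ID = Pattern.compile("^[A-Za-z0-9_\\-:.]{1,128}$");

    // Hardened pattern: every ID must pass the allow-list before it reaches the filter.
    static String buildFilterSafe(List<String> ids) {
        if (ids == null || ids.isEmpty()) {
            throw new IllegalArgumentException("at least one document id is required");
        }
        for (String id : ids) {
            if (id == null || !SAFE_ID.matcher(id).matches()) {
                throw new IllegalArgumentException("rejected document id: " + id);
            }
        }
        // Safe to concatenate only because every ID matched the allow-list above.
        return buildFilterUnsafe(ids);
    }

    public static void main(String[] args) {
        List<String> benign = List.of("doc-1", "doc-2");
        System.out.println(buildFilterUnsafe(benign));
        // -> doc_id in ["doc-1", "doc-2"]

        // Constructed ID containing a quote and an operator: the quote closes the
        // string literal early and the rest lands unescaped in the expression.
        List<String> hostile = List.of("doc-1\" || x");
        System.out.println(buildFilterUnsafe(hostile));
        // -> doc_id in ["doc-1" || x"]

        try {
            buildFilterSafe(hostile);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
            // -> rejected document id: doc-1" || x
        }
    }
}
```

Compile and run with `javac MilvusDeleteFilterExample.java && java MilvusDeleteFilterExample`. Rejection via allow-list is chosen over escaping because the exact quoting rules of the Milvus expression grammar are not stated on the page; an allow-list that matches the ID format the application itself generates is robust regardless of those rules. For affected deployments the remediation the advisory gives is the upgrade, with input validation like this as defense in depth.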

The vulnerability affects Spring AI versions 1.0.0 through the latest 1.0.x release. According to available reports, upgrading to version 1.0.7 or later resolves the issue. Spring AI 1.1.x installations are also reported as affected, though remediation details for that branch are only partially documented. The flaw affects applications that use MilvusVectorStore for vector database operations, where maliciously crafted document identifiers could manipulate filter logic.

Filter-expression injection vulnerabilities allow attackers to modify query parameters beyond their intended scope, potentially enabling unauthorized data access, manipulation of deletion operations, or extraction of sensitive information stored alongside vector embeddings. Organizations running affected Spring AI deployments should immediately assess their MilvusVectorStore usage and apply the available patch. The disclosure has been tracked through security monitoring platforms including Patchstack, highlighting ongoing community attention to AI framework security as these libraries see increased enterprise adoption.

---
- **Source**: Mastodon:mastodon.social:#infosec
- **Sector**: The Lab
- **Tags**: CVE-2026-41705, Spring AI, MilvusVectorStore, filter-expression injection, vulnerability
- **Credibility**: unverified
- **Published**: 2026-05-09 07:31:50
- **ID**: 81042
- **URL**: https://whisperx.ai/en/intel/81042