High severity · 8.6 · NVD Advisory · Published May 9, 2026 · Updated May 12, 2026
CVE-2026-41705
Description
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 or greater.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework.ai:spring-ai-milvus-store (Maven) | >= 1.0.0, < 1.0.7 | 1.0.7 |
| org.springframework.ai:spring-ai-milvus-store (Maven) | >= 1.1.0, < 1.1.6 | 1.1.6 |
| org.springframework.ai:spring-ai-typesense-store (Maven) | >= 1.0.0, < 1.0.7 | 1.0.7 |
| org.springframework.ai:spring-ai-typesense-store (Maven) | >= 1.1.0, < 1.1.6 | 1.1.6 |
Affected products
- ghsa-coords (2 versions): pkg:maven/org.springframework.ai/spring-ai-milvus-store, pkg:maven/org.springframework.ai/spring-ai-typesense-store; range: >= 1.0.0, < 1.0.7 (+ 1 more)
- (no CPE) range: >= 1.0.0, < 1.0.7
- (no CPE) range: >= 1.0.0, < 1.0.7
References
- github.com/advisories/GHSA-v632-2m87-7469 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-41705 (ghsa, ADVISORY)
- spring.io/security/cve-2026-41705 (nvd, Vendor Advisory, WEB)
- github.com/spring-projects/spring-ai/pull/6011 (ghsa, WEB)
News mentions
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More (The Hacker News · May 18, 2026)