Cyber Posture

CVE-2026-40978

Severity: High
Published: 28 April 2026
Modified: 29 April 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (16.4th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-40978 is a high-severity SQL Injection (CWE-89) vulnerability in VMware Spring AI. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 16.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Other AI Platforms.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Directly prevents SQL injection by validating and sanitizing untrusted document IDs before they are used in CosmosDBVectorStore queries.

prevent: Remediates the specific SQL injection flaw by identifying vulnerable Spring AI versions and upgrading them to 1.0.6 or 1.1.5.

prevent: Restricts document ID inputs to organization-defined safe formats, blocking malformed payloads that enable SQL injection.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Databases (Collection): Adversaries may leverage databases to mine valuable information.

Why these techniques?

SQL injection in a network-accessible Spring AI component (AV:N/PR:L) directly enables T1190 (exploitation of a public-facing application) and T1213.006 (arbitrary queries against the CosmosDB database instance).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

Deeper analysis

CVE-2026-40978 is a SQL injection vulnerability (CWE-89) in Spring AI's CosmosDBVectorStore component, enabling attackers to execute arbitrary SQL queries via crafted document IDs. It affects Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-04-28T09:16:16.583.

The attack requires low privileges (PR:L) and is exploitable over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). An attacker with low-privilege access to the application can supply malicious document IDs to the CosmosDBVectorStore, injecting and executing arbitrary SQL queries against the underlying CosmosDB instance. This can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), such as data exfiltration, modification, or denial of service.

The Spring security advisory at https://spring.io/security/cve-2026-40978 provides full details. The vulnerability is addressed in Spring AI 1.0.6 and 1.1.5; practitioners should upgrade to these or later versions to mitigate the issue.

Details

CWE(s): CWE-89 (SQL Injection)

Affected Products: VMware Spring AI, versions 1.0.0 — 1.0.6 · 1.1.0 — 1.1.5 (ranges as listed in the product record; 1.0.6 and 1.1.5 are the fixed releases)

AI Security Analysis

AI Category: Other AI Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: ai, ai

CVEs Like This One

CVE-2026-22743 · Same product: VMware Spring AI
CVE-2026-22730 · Same product: VMware Spring AI
CVE-2026-22744 · Same product: VMware Spring AI
CVE-2026-40967 · Same product: VMware Spring AI
CVE-2026-22729 · Same product: VMware Spring AI
CVE-2026-22738 · Same product: VMware Spring AI
CVE-2026-22742 · Same product: VMware Spring AI
CVE-2026-2511 · Shared CWE-89
CVE-2026-3456 · Shared CWE-89
CVE-2026-23492 · Shared CWE-89
