cyberMEDIUM2026-04-28 09:16 UTC

CVE-2026-40978 - Spring AI CosmosDBVectorStore SQL Injection

CVE ID :CVE-2026-40978 Published : April 28, 2026, 9:16 a.m. | 46 minutes ago Description :SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6),

ORIGINAL SOURCE →via CVE Feed Latest

⚡ STAY AHEAD

Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.

GET THE SUNDAY BRIEFING →

RELATED · cyber

[CYBER] Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
[CYBER] DeFi United Releases Technical Plan to Restore rsETH Backing After $292 Million Kelp DAO Exploit - unchainedcrypto.com
[CYBER] Quantum can wait: Why CISOs should focus on today’s preventable cyber risks
[CYBER] Windows Shell Vulnerability CVE-2026-32202 Moves From Patch Note to Active Threat
[CYBER] CVE-2026-7280 - eMPIA Technology｜AVACAST - Unquoted Service Path
[CYBER] Reflections on BlackHat Asia 2026 and Arsenal

Editorial policy · Report a correction