PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-41705 Spring CVE debrief

CVE-2026-41705 affects Spring AI's MilvusVectorStore#doDelete(List) path, where unsanitized document IDs can be used to inject filter expressions. The vendor guidance says Spring AI 1.0.x should be upgraded to 1.0.7 or later, and Spring AI 1.1.x should be upgraded to 1.1.6 or later.

Vendor
Spring
Product
Unknown
CVSS
HIGH 8.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-09
Original CVE updated
2026-05-09
Advisory published
2026-05-09
Advisory updated
2026-05-09

Who should care

Security and application teams running Spring AI deployments that use MilvusVectorStore deletion flows, especially when document IDs may be influenced by untrusted input.

Technical summary

The official record and vendor advisory describe a filter-expression injection issue in MilvusVectorStore#doDelete(List). Because document IDs are incorporated into the deletion filter without proper sanitization, attacker-controlled ID values can alter the generated filter expression and therefore which records the deletion matches. NVD maps the weakness to CWE-917 and publishes a CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L, indicating a remotely reachable issue that requires no privileges or user interaction, with a high confidentiality impact and low integrity and availability impacts.

Defensive priority

High priority for any environment using the affected Spring AI MilvusVectorStore code path. Prioritize remediation if deletion requests can be reached by untrusted users or downstream services.

Recommended defensive actions

  • Upgrade Spring AI to 1.0.7 or later if you are on the 1.0.x line, or to 1.1.6 or later if you are on the 1.1.x line.
  • Review all callers of MilvusVectorStore#doDelete(List) and ensure document IDs are treated as untrusted input.
  • Add allowlisting and validation for document IDs before they are used in deletion/filter construction.
  • Test the delete path with malformed or unexpected IDs and add regression coverage for injection-resistant handling.
  • Confirm that any exposed service using this path is patched across all deployed environments, including test and staging instances.
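The allowlisting and regression-testing steps above, shown as an added example that is not Spring AI's own code or part of the advisory: document IDs are checked against an allowlist before they are placed into a Milvus boolean filter expression, and the unvalidated construction is kept alongside for comparison. The field name `doc_id`, the `in [...]` expression form and the permitted ID charset are assumptions for this illustration.

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Added example, not Spring AI code. Contrasts dropping document IDs straight into a
// Milvus boolean filter expression with validating them against an allowlist first.
// The field name "doc_id" and the permitted ID charset are assumptions.
public final class DeleteFilterExample {

    // Allowlist for IDs this deployment issues (assumed: alphanumerics, '_' and '-', 1-64 chars).
    private static final Pattern SAFE_ID = Pattern.compile("^[A-Za-z0-9_-]{1,64}$");
    private static final String ID_FIELD = "doc_id"; // assumed field name

    // Risky pattern: quote or bracket characters inside an ID become part of the expression.
    static String unvalidatedFilter(List<String> ids) {
        return ID_FIELD + " in [" + quoteAll(ids) + "]";
    }

    // Hardened pattern: fail closed on any ID outside the allowlist, then build the expression.
    static String validatedFilter(List<String> ids) {
        if (ids == null || ids.isEmpty()) {
            throw new IllegalArgumentException("no document ids supplied");
        }
        for (String id : ids) {
            if (id == null || !SAFE_ID.matcher(id).matches()) {
                throw new IllegalArgumentException("rejected document id: " + id);
            }
        }
        return ID_FIELD + " in [" + quoteAll(ids) + "]";
    }

    private static String quoteAll(List<String> ids) {
        return ids.stream().map(id -> "\"" + id + "\"").collect(Collectors.joining(", "));
    }

    public static void main(String[] args) {
        // Constructed sample IDs that match the allowlist.
        List<String> wellFormed = List.of("doc-1", "doc_2");
        System.out.println(validatedFilter(wellFormed));

        // Constructed malformed ID containing a quote and a bracket, the kind of input a
        // regression test for this path should cover.
        List<String> malformed = List.of("doc-1", "doc\"]");
        System.out.println(unvalidatedFilter(malformed)); // ID text leaks into the expression
        try {
            validatedFilter(malformed);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run the `main` method to see the well-formed list accepted and the malformed list rejected before any expression is built; the rejected case is the one to turn into a permanent regression test.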

Evidence notes

This debrief is based on the NVD CVE entry, which lists the CVSS vector and CWE-917 mapping, and the Spring vendor advisory reference at spring.io/security/cve-2026-41705, which provides the affected-version and upgrade guidance. Timing is based on the supplied CVE published timestamp of 2026-05-09T01:16:08.690Z.

Official resources

Publicly disclosed on 2026-05-09, based on the CVE published timestamp supplied in the source corpus.