High · CVSS 8.1 · April 27, 2026 · VMware Spring AI

Spring AI VectorStore FilterExpression Injection

Defending RAG Metadata Filters from Query Alteration

VMware disclosed an injection vulnerability in Spring AI's FilterExpression conversion logic affecting all vector store integrations. Keys and values in metadata filter expressions were not properly escaped before being converted into vector store query languages, allowing user-controlled input to alter the structure and semantics of retrieval queries. RAG pipelines, semantic search endpoints, and agent memory layers built on Spring AI 1.0.0–1.0.5 or 1.1.0–1.1.4 are affected. The risk: unauthorized document retrieval, context poisoning, and authorization bypass in multi-tenant deployments.
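The defensive pattern for the filter-construction step described above, added here as an illustration and not code from the advisory or the Spring AI project: the tenant identifier is taken from the authenticated principal, every value is checked against a strict allowlist before it reaches the filter, and the expression is built with Spring AI's `FilterExpressionBuilder` instead of string concatenation. The class name, the `tenant_id` and `doc_type` metadata keys, and the allowed document types are assumptions; upgrading to the patched release remains the actual fix, and this validation is defense in depth for a converter that cannot be trusted to escape input.

```java
import java.util.List;
import java.util.regex.Pattern;

import org.springframework.ai.document.Document;
import org.springframework.ai.vectorstore.SearchRequest;
import org.springframework.ai.vectorstore.VectorStore;
import org.springframework.ai.vectorstore.filter.Filter;
import org.springframework.ai.vectorstore.filter.FilterExpressionBuilder;

// Hypothetical tenant-scoped retrieval service (assumed names, not Spring AI's own).
public class TenantScopedRetriever {

    // Allowlist for values that reach the filter: plain identifiers only.
    // Quotes, brackets, operators and whitespace are rejected outright, so a
    // value can never change the shape of the generated store query.
    private static final Pattern SAFE_ID = Pattern.compile("^[A-Za-z0-9_-]{1,64}$");
    private static final List<String> ALLOWED_DOC_TYPES = List.of("policy", "faq", "runbook");

    private final VectorStore vectorStore;

    public TenantScopedRetriever(VectorStore vectorStore) {
        this.vectorStore = vectorStore;
    }

    // tenantId must come from the authenticated principal (session or token),
    // never from the request body. docType is the only caller-chosen filter
    // value and is checked against a fixed allowlist before use.
    public List<Document> search(String tenantId, String docType, String question) {
        if (tenantId == null || !SAFE_ID.matcher(tenantId).matches()) {
            throw new IllegalArgumentException("tenant id outside allowed character set");
        }
        if (!ALLOWED_DOC_TYPES.contains(docType)) {
            throw new IllegalArgumentException("unknown document type");
        }
        // Build the filter structurally so no caller input is parsed as filter syntax.
        FilterExpressionBuilder b = new FilterExpressionBuilder();
        Filter.Expression filter = b.and(
                b.eq("tenant_id", tenantId),
                b.eq("doc_type", docType)).build();

        SearchRequest request = SearchRequest.builder()
                .query(question)
                .topK(5)
                .filterExpression(filter)
                .build();
        return vectorStore.similaritySearch(request);
    }
}
```

Because the validator rejects every value that is not a plain identifier, a log of `IllegalArgumentException` rejections from this method is also a cheap detection signal for probing of the filter path.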

At a glance: 1 CVE · CVSS 8.1 · attack surface: RAG · status: patched

"RAG filters are security boundaries when they control which documents reach the model."

— VMware Spring AI Security Advisory


Primary source: VMware Spring AI security advisory, April 27, 2026. This advisory is an independent defensive guide produced by Spectreworks AI for educational purposes only and is not affiliated with VMware or the Spring AI project.