
Critical SQL Injection Vulnerability Discovered in Spring AI Framework
A vulnerability was discovered in Spring AI on 15 June 2026, allowing attackers to execute SQL injection (SQLi) and bypass security policies. The flaw affects the Spring AI framework, though no specific versions or CVE identifiers were provided in the notice. The reported impacts include unauthorized database access or manipulation through SQLi and potential circumvention of security controls. No additional technical details, affected systems, or mitigation steps were disclosed in the advisory. The source of the vulnerability report is the French government’s CERT (CERT-FR).