CRITICAL🇵🇱 Wersja polska

CVE-2026-22738

CVSS 9.8v3.1pub. 2026-03-27upd. 2026-05-10

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

🤖 AI Analysis
How it works

The vulnerability (CWE-917, CWE-88) consists of SimpleVectorStore using the value supplied by the user directly as a filter expression key, without proper validation or sanitization. An attacker can craft a malicious SpEL expression that will be executed by the Spring expression engine on the server side. This leads to arbitrary code execution in the context of the application (RCE). Only applications using SimpleVectorStore and passing user input as a filter expression key are vulnerable.

Impact

A remote and unauthenticated attacker can execute arbitrary code on the server, which in practice means complete takeover of the application, data leakage, resource modification, or further actions on the internal network.

Mitigation & patch

Spring AI should be updated to version 1.0.5 or newer (for the 1.0.x branch) or to version 1.1.4 or newer (for the 1.1.x branch). Additionally, it is recommended to verify whether the application passes user data as filter expression keys to SimpleVectorStore, and to implement appropriate input validation. Details available at: https://spring.io/security/cve-2026-22738

Who is affected

Spring AI in versions from 1.0.0 to 1.0.4 (before 1.0.5) and from 1.1.0 to 1.1.3 (before 1.1.4). It affects only applications using the SimpleVectorStore component with user data passed as a filter expression key.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • VMware Spring Ai

    APP
    Vmware
    1.0.0 – 1.0.5 (bez)1.1.0 – 1.1.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-41713HIGH8.2ten sam produkt

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in...

CVE-2026-41712HIGH7.5ten sam produkt

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could ...

CVE-2026-41705HIGH8.6ten sam produkt

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via u...

CVE-2026-40978HIGH8.8ten sam produkt

SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL que...

CVE-2026-40967HIGH8.6ten sam produkt

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translat...