Main Vulnerability Database Vulnerabilities #VU124651

#VU124651 Improper Neutralization of Special Elements used in an Expression Language Statement in Spring AI - CVE-2026-22729

Published: March 27, 2026

Vulnerability identifier: #VU124651

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-22729

CWE-ID: CWE-917

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Spring AI

Software vendor:
Pivotal

Description

The vulnerability allows a remote user to bypass access controls and disclose sensitive information.

The vulnerability exists due to improper input validation in FilterExpressionConverter when processing user-supplied filter expressions. A remote user can send a specially crafted filter expression to inject arbitrary JSONPath logic and access unauthorized documents.

Access to the vector store filtering functionality requires authentication. The vulnerability specifically affects applications using AbstractFilterExpressionConverter for metadata-based access control in multi-tenant or role-based environments.

Remediation

Install security update from vendor's website.

External links

https://spring.io/security/cve-2026-22729

#VU124651 Improper Neutralization of Special Elements used in an Expression Language Statement in Spring AI - CVE-2026-22729

Description

Remediation

External links

Please verify you're human