CVE-2026-22738

CVE Database · CVE-2026-22738

CVE-2026-22738

· CRITICALModified

CVSS v3.1

9.8

EPSS

0.82%

Published

Mar 27, 2026

Modified

May 10, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-917CWE-88

Affected Products (2)

vmware · spring_ai (up to 1.0.5)vulnerable

vmware · spring_ai (up to 1.1.4)vulnerable

References (1)

https://spring.io/security/cve-2026-22738

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs