Main Vulnerability Database SB2026032733

SB2026032733 - JSONPath Injection in Spring AI

Published: March 27, 2026

Security Bulletin ID SB2026032733

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Neutralization of Special Elements used in an Expression Language Statement (CVE-ID: CVE-2026-22729)

The vulnerability allows a remote user to bypass access controls and disclose sensitive information.

The vulnerability exists due to improper input validation in FilterExpressionConverter when processing user-supplied filter expressions. A remote user can send a specially crafted filter expression to inject arbitrary JSONPath logic and access unauthorized documents.

Access to the vector store filtering functionality requires authentication. The vulnerability specifically affects applications using AbstractFilterExpressionConverter for metadata-based access control in multi-tenant or role-based environments.

Remediation

Install update from vendor's website.

References

https://spring.io/security/cve-2026-22729