SB2026032733 - Multiple vulnerabilities in Spring AI


Published: March 27, 2026 Updated: April 28, 2026

Security Bulletin ID: SB2026032733
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 2 vulnerabilities.


1) Improper Neutralization of Special Elements used in an Expression Language Statement (CVE-ID: CVE-2026-22729)

CWE-ID: CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to bypass access controls and disclose sensitive information.

The vulnerability exists due to improper input validation in FilterExpressionConverter when processing user-supplied filter expressions. A remote user can send a specially crafted filter expression to inject arbitrary JSONPath logic and access unauthorized documents.

Access to the vector store filtering functionality requires authentication. The vulnerability specifically affects applications using AbstractFilterExpressionConverter for metadata-based access control in multi-tenant or role-based environments.


2) SQL injection (CVE-ID: CVE-2026-22730)

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute arbitrary SQL commands.

The vulnerability exists due to missing input sanitization in MariaDBFilterExpressionConverter when processing user-supplied filter expressions. A remote user can send a specially crafted input to execute arbitrary SQL commands.

The issue can be used to bypass metadata-based access controls.
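Both items above share one defect class: pieces of a user-supplied filter expression are rendered into a query string (a JSONPath for item 1, a MariaDB WHERE clause for item 2) without neutralization, and a metadata filter meant to enforce tenant or role boundaries can then be rewritten by the caller. The following is an added illustration written for this bulletin, not Spring AI's code: a hypothetical filter-expression AST rendered once naively and once with key allow-listing, bound parameters and a server-side tenant clause. Table and column names (`vector_store`, `metadata`) and the metadata keys are assumptions.

```python
from dataclasses import dataclass
from typing import Any, Union

# Minimal filter-expression AST, standing in for the parsed filter a vector
# store receives (hypothetical, not Spring AI's Filter.Expression).
@dataclass(frozen=True)
class Cond:
    key: str      # metadata field name
    op: str       # one of OPS
    value: Any    # a literal or, for "in", a list of literals

@dataclass(frozen=True)
class And:
    left: "Expr"
    right: "Expr"

Expr = Union[Cond, And]
OPS = {"==": "=", "!=": "<>", ">": ">", "<": "<", "in": "IN"}
# Keys end up inside a JSONPath ('$.key'), which cannot be bound as a
# parameter, so they must be allow-listed; values are bound with '?'.
ALLOWED_KEYS = {"tenant", "author", "year"}

def naive_sql(e: Expr) -> str:
    """Renders values straight into the WHERE text: a quote in a value alters the query."""
    if isinstance(e, And):
        return f"({naive_sql(e.left)} AND {naive_sql(e.right)})"
    return f"JSON_VALUE(metadata, '$.{e.key}') {OPS[e.op]} '{e.value}'"

def safe_sql(e: Expr, params: list) -> str:
    """Renders only allow-listed keys and operators; every value becomes a bound parameter."""
    if isinstance(e, And):
        return f"({safe_sql(e.left, params)} AND {safe_sql(e.right, params)})"
    if e.key not in ALLOWED_KEYS or e.op not in OPS:
        raise ValueError(f"rejected filter on {e.key!r} with {e.op!r}")
    path = f"JSON_VALUE(metadata, '$.{e.key}')"
    if e.op == "in":
        values = list(e.value)
        params.extend(values)
        return f"{path} IN ({', '.join('?' * len(values))})"
    params.append(e.value)
    return f"{path} {OPS[e.op]} ?"

def scoped_query(tenant: str, user_filter: Expr) -> tuple[str, list]:
    """Adds the tenant restriction at the AST level, so user input cannot unwrap it."""
    params: list = []
    where = safe_sql(And(Cond("tenant", "==", tenant), user_filter), params)
    return f"SELECT id FROM vector_store WHERE {where}", params
```

Compare `naive_sql(Cond("author", "==", "O'Brien"))`, whose output contains an unbalanced quote, with `scoped_query("acme", ...)`, which returns a fixed SQL shape plus a parameter list for the driver to bind.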


Remediation

Install the update from the vendor's website.