SB20260428208 - Multiple vulnerabilities in Spring AI

Description

This security bulletin contains information about 4 vulnerabilities.

1) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2026-22744)

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper neutralization of special elements in RedisFilterExpressionConverter when processing a user-controlled string as a filter value for a TAG field. A remote attacker can supply a specially crafted TAG filter value to disclose sensitive information.

The issue occurs because stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters.

2) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-22742)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to insufficient validation of media URLs in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. A remote attacker can supply a crafted media URL to induce the server to issue HTTP requests to unintended internal or external destinations to disclose sensitive information.

3) SQL injection (CVE-ID: CVE-2026-22743)

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper neutralization of special elements in Neo4jVectorFilterExpressionConverter doKey() when processing a user-controlled filter expression key. A remote attacker can supply a crafted filter expression key to disclose sensitive information.

The issue arises because embedded backticks are not escaped before the key is inserted into a backtick-delimited Cypher property accessor.

4) Improper Neutralization of Special Elements used in an Expression Language Statement (CVE-ID: CVE-2026-22738)

CWE-ID: CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to SpEL injection in SimpleVectorStore when processing a user-supplied filter expression key. A remote attacker can supply a crafted filter expression key to execute arbitrary code.

Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are vulnerable.

Remediation

Install update from vendor's website.

References

• https://spring.io/security/cve-2026-22744
• https://spring.io/security/cve-2026-22742
• https://spring.io/security/cve-2026-22743
• https://spring.io/security/cve-2026-22738