Improper Neutralization of Special Elements used in an Expression Language Statement in Spring AI - CVE-2026-22729


Published: March 27, 2026


Vulnerability identifier: #VU124651
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-22729
CWE-ID: CWE-917
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Pivotal
Affected software: Spring AI

Detailed vulnerability description

The vulnerability allows a remote user to bypass access controls and disclose sensitive information.

The vulnerability exists due to improper input validation in FilterExpressionConverter when processing user-supplied filter expressions. A remote user can send a specially crafted filter expression that injects arbitrary JSONPath logic into the generated query and thereby access documents they are not authorized to see.

Access to the vector store filtering functionality requires authentication. The vulnerability specifically affects applications that rely on AbstractFilterExpressionConverter for metadata-based access control, for example tenant or role scoping of search results in multi-tenant or role-based environments.


How to mitigate CVE-2026-22729

Install the security update from the vendor's website.
