CVE-2026-22738
Published: 27 March 2026
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2026-22738 is a SpEL injection vulnerability in the SimpleVectorStore component of Spring AI. It occurs when a user-supplied value is used as a filter expression key, enabling a malicious actor to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input directly as a filter expression key are affected. The vulnerability impacts Spring AI versions from 1.0.0 before 1.0.5 and from 1.1.0 before 1.1.4, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-917.
Any remote attacker can exploit this vulnerability without authentication or user interaction by supplying a crafted filter expression key to a vulnerable application. Successful exploitation allows arbitrary code execution on the server, potentially leading to full compromise including high confidentiality, integrity, and availability impacts.
The Spring security advisory at https://spring.io/security/cve-2026-22738 details the issue and recommends upgrading to Spring AI 1.0.5 or 1.1.4, where the vulnerability is addressed.
This vulnerability is particularly relevant to AI/ML applications leveraging Spring AI's vector store functionality for tasks like semantic search or retrieval-augmented generation. No real-world exploitation has been reported as of the CVE publication on 2026-03-27.
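The summary above states that only applications which pass user-supplied input directly as a filter expression key are affected. The following Java class is an added example, not code from Spring AI or from the advisory, showing the boundary check such an application would apply before any request parameter becomes a filter key: the key is resolved against an allowlist of metadata fields the application actually indexes (the field names here are constructed), and anything else is rejected. Handing the resolved key and the value separately to the store's typed filter builder, rather than concatenating an expression string, is assumed to be the caller's next step; the block does not depend on any Spring AI API.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/**
 * Added example, not Spring AI code: resolve a user-supplied field name to a
 * known metadata key before it ever reaches a vector-store filter expression.
 * The allowlisted keys below are constructed for the example.
 */
public final class FilterKeyGuard {

    // Constructed allowlist: the only metadata keys this application indexes.
    private static final Set<String> ALLOWED_KEYS = Set.of("tenant_id", "doc_type", "language");

    // Defence in depth: a key must be a plain identifier, so no operator,
    // quote, bracket or parenthesis can ride along with it.
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,63}");

    private FilterKeyGuard() {
    }

    /** Returns the canonical metadata key, or throws if the input is not allowlisted. */
    public static String resolveKey(String userSuppliedKey) {
        if (userSuppliedKey == null || userSuppliedKey.isBlank()) {
            throw new IllegalArgumentException("filter field is required");
        }
        String key = userSuppliedKey.trim();
        if (!IDENTIFIER.matcher(key).matches() || !ALLOWED_KEYS.contains(key)) {
            // Reject with a generic message; never echo the raw input into the
            // filter expression or the error text.
            throw new IllegalArgumentException("unsupported filter field");
        }
        return key;
    }

    /**
     * Turns a request's filter parameters into resolved key/value pairs. The
     * resolved keys are safe to use as filter keys; the values remain data and
     * belong in the typed builder's value slot, never in a concatenated string.
     */
    public static Map<String, String> resolveFilters(Map<String, String> requestParams) {
        Map<String, String> resolved = new LinkedHashMap<>();
        requestParams.forEach((field, value) -> resolved.put(resolveKey(field), value));
        return resolved;
    }

    public static void main(String[] args) {
        // Constructed inputs: legitimate field names and a few that must be rejected.
        String[] candidates = { "doc_type", " language ", "author", "doc_type)", "doc_type == x", "" };
        for (String candidate : candidates) {
            try {
                System.out.println("accepted: " + resolveKey(candidate));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: \"" + candidate + "\" (" + e.getMessage() + ")");
            }
        }
    }
}
```

The allowlist is the real control: the identifier regex only narrows what a typo in the allowlist could let through. Logging the rejected key at this boundary gives a simple detection signal for probing of the filter parameter; the advisory's fix remains upgrading to 1.0.5 or 1.1.4.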
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Matched keywords: ai, ai
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote code execution flaw in a public-facing Spring AI component via SpEL injection, directly enabling exploitation of public-facing applications without authentication.