CVE-2026-22738 CRITICAL

CVE-2026-22738: SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution

Vendor Spring
Product Spring AI
Published March 27, 2026
Last update May 10, 2026

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

Key dates

02Disclosure timeline

March 27, 2026 CVE published
May 10, 2026 Record updated