Spring security advisory (AV26-245)
Analysis Summary
# Vulnerability: Multiple Injection Flaws in Spring AI FilterExpressionConverters
## CVE Details
- **CVE ID:** CVE-2026-22730, CVE-2026-22729
- **CVSS Score:** Not explicitly listed in advisory (Likely High based on injection type)
- **CWE:** CWE-89 (SQL Injection), CWE-937 (Injection via JSONPath)
## Affected Systems
- **Products:** Spring AI
- **Versions:**
  - 1.0.x versions prior to 1.0.4
  - 1.1.x versions prior to 1.1.3
- **Configurations:**
  - **CVE-2026-22730:** Systems using `MariaDBFilterExpressionConverter`.
  - **CVE-2026-22729:** Systems using `Vector Stores FilterExpressionConverter`.
## Vulnerability Description
The advisory addresses two distinct injection vulnerabilities within the Spring AI framework's data filtering components:
1. **CVE-2026-22730:** A SQL injection vulnerability exists in the `MariaDBFilterExpressionConverter`. This occurs when user-supplied input is improperly sanitized before being incorporated into SQL queries used for vector store filtering in MariaDB environments.
2. **CVE-2026-22729:** A JSONPath injection vulnerability exists in the `Vector Stores FilterExpressionConverter`. This flaw allows an attacker to manipulate JSONPath expressions, potentially leading to unauthorized data access or bypass of intended query logic within vector databases.
## Exploitation
- **Status:** Not exploited (No reports of active exploitation in the wild at the time of the advisory).
- **Complexity:** Medium
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High (Potential unauthorized access to vector database content).
- **Integrity:** High (Potential modification of database records or query results).
- **Availability:** Low (Potential for query performance degradation).
## Remediation
### Patches
Users should upgrade to the following versions to resolve these vulnerabilities:
- **Spring AI 1.0.4** (for 1.0.x users)
- **Spring AI 1.1.3** (for 1.1.x users)
### Workarounds
No specific non-patch workarounds have been provided. It is strongly recommended to update the underlying library to the patched versions.
## Detection
- **Indicators of Compromise:** Unusual SQL syntax or JSONPath characters (e.g., `$`, `..`, `*`) appearing in application logs associated with vector search metadata filters.
- **Detection Methods and Tools:** Use Static Application Security Testing (SAST) tools to identify vulnerable versions of the Spring AI dependency in build files (e.g., `pom.xml` or `build.gradle`).
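The dependency check described above, as an added example (not code from the advisory or from the Spring AI project): a small Python script that reads a Maven `pom.xml`, resolves `${...}` version properties, and classifies every Spring AI dependency against the fixed versions the advisory lists (1.0.4 for the 1.0.x line, 1.1.3 for the 1.1.x line). The group id `org.springframework.ai`, the sample artifact id and the sample pom are assumptions constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Fixed versions stated in the advisory, keyed by (major, minor) branch.
FIXED_VERSIONS = {(1, 0): (1, 0, 4), (1, 1): (1, 1, 3)}

# Maven group id of Spring AI artifacts (assumption; not quoted from the advisory).
SPRING_AI_GROUP = "org.springframework.ai"

# Constructed sample pom.xml: one Spring AI dependency whose version comes from a property.
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <properties>
    <spring-ai.version>1.1.2</spring-ai.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework.ai</groupId>
      <artifactId>spring-ai-mariadb-store</artifactId>
      <version>${spring-ai.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
      <version>3.14.0</version>
    </dependency>
  </dependencies>
</project>
"""


def parse_version(text):
    """Return (major, minor, patch) from a version string, ignoring qualifiers such as -M1 or -SNAPSHOT."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def assess_version(version_text):
    """Classify a Spring AI version: affected, patched, not-covered (branch not in advisory) or unknown."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return "not-covered"
    # A pre-release such as 1.1.0-M1 parses as 1.1.0 and is therefore still below the fix.
    return "affected" if v < fixed else "patched"


def resolve(value, props):
    """Substitute ${name} references from <properties>; leave unresolvable ones untouched."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def scan_pom(pom_xml):
    """Return [(artifactId, resolved version, assessment)] for every Spring AI dependency in the pom."""
    root = ET.fromstring(pom_xml)
    # Strip XML namespaces so tag names can be matched directly, with or without the POM xmlns.
    for el in root.iter():
        if isinstance(el.tag, str) and el.tag.startswith("{"):
            el.tag = el.tag.split("}", 1)[1]

    props = {}
    props_el = root.find("properties")
    if props_el is not None:
        for child in props_el:
            props[child.tag] = (child.text or "").strip()

    findings = []
    for dep in root.iter("dependency"):
        if dep.findtext("groupId", default="").strip() != SPRING_AI_GROUP:
            continue
        artifact = dep.findtext("artifactId", default="").strip()
        version = resolve(dep.findtext("version", default="").strip(), props)
        findings.append((artifact, version, assess_version(version)))
    return findings


if __name__ == "__main__":
    for artifact, version, status in scan_pom(SAMPLE_POM):
        print(f"{artifact} {version}: {status}")
```

Versions managed by a parent or BOM will show up with an empty version string and be reported as `unknown`; for those, resolve the effective version with `mvn help:effective-pom` first and feed that output to the script instead.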
## References
- **Vendor Advisories:**
  - hxxps[://]spring[.]io/security/cve-2026-22730
  - hxxps[://]spring[.]io/security/cve-2026-22729
  - hxxps[://]spring[.]io/security
- **Canadian Centre for Cyber Security:**
  - hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/spring-security-advisory-av26-245