CVE-2026-22743
- EPSS 0.25%
- Veröffentlicht 27.03.2026 05:33:20
- Zuletzt bearbeitet 16.04.2026 20:23:14
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, ...
CVE-2026-22742
- EPSS 0.35%
- Veröffentlicht 27.03.2026 05:27:41
- Zuletzt bearbeitet 10.05.2026 14:16:48
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an att...
CVE-2026-22738
- EPSS 0.82%
- Veröffentlicht 27.03.2026 05:21:07
- Zuletzt bearbeitet 10.05.2026 14:16:48
In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and p...
CVE-2026-22729
- EPSS 0.52%
- Veröffentlicht 18.03.2026 07:39:56
- Zuletzt bearbeitet 01.04.2026 16:53:35
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is con...
CVE-2026-22730
- EPSS 0.52%
- Veröffentlicht 18.03.2026 07:36:30
- Zuletzt bearbeitet 01.04.2026 16:52:48
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.