CVE-2026-22729
JSONPath Injection in Spring AI AbstractFilterExpressionConverter Enables Access Bypass
Publication date: 2026-03-18
Last updated on: 2026-04-01
Assigner: VMware
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vmware | spring_ai | From 1.0.0 (inc) to 1.0.4 (exc) |
| vmware | spring_ai | From 1.1.0 (inc) to 1.1.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-917 | The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade the affected Spring AI AbstractFilterExpressionConverter component to the fixed versions.
- Upgrade to version 1.0.4 if you are using the 1.0.x branch.
- Upgrade to version 1.1.3 if you are using the 1.1.x branch.
No additional mitigation steps are required beyond upgrading.
Can you explain this vulnerability to me?
CVE-2026-22729 is a high-severity JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter component.
It allows authenticated users to bypass metadata-based access controls by injecting arbitrary JSONPath logic through crafted filter expressions.
The issue arises because user-controlled input passed to FilterExpressionBuilder is concatenated directly into JSONPath queries without proper escaping.
Special characters such as quotation marks ("), logical OR (||), and logical AND (&&) are not escaped, enabling attackers to manipulate query semantics and access unauthorized documents.
This vulnerability specifically affects applications using vector stores that extend AbstractFilterExpressionConverter for enforcing multi-tenant isolation, role-based access control, or document filtering based on metadata. [1]
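The concatenation flaw described above, shown beside a hardened form, as an added example that is not Spring AI's code or its actual fix. The class, the method names, the `@.key == "value"` predicate shape and the backslash-escape syntax for string literals are assumptions made for illustration.

```java
// Added illustration, not Spring AI source; class and method names are hypothetical.
public class FilterValueEscaping {

    // Pattern described above: the value is concatenated into the predicate as-is.
    static String unsafeEq(String key, String value) {
        return "@." + key + " == \"" + value + "\"";
    }

    // Assumed literal syntax: double-quoted strings with backslash escapes.
    static String escape(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if (c == '\\' || c == '"') sb.append('\\').append(c);
            else if (c < 0x20) sb.append(String.format("\\u%04x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    // Hardened form: allow-list the metadata key, escape the value.
    static String safeEq(String key, String value) {
        if (!key.matches("[A-Za-z_][A-Za-z0-9_]*")) {
            throw new IllegalArgumentException("unexpected metadata key");
        }
        return "@." + key + " == \"" + escape(value) + "\"";
    }

    // Structural check: a single string comparison has exactly two unescaped quotes.
    static int unescapedQuotes(String expr) {
        int count = 0;
        boolean escaped = false;
        for (char c : expr.toCharArray()) {
            if (escaped) escaped = false;
            else if (c == '\\') escaped = true;
            else if (c == '"') count++;
        }
        return count;
    }

    public static void main(String[] args) {
        // Constructed sample values; the second contains a quote and "||".
        String[] samples = { "acme", "acme\" || \"x" };
        for (String v : samples) {
            String unsafe = unsafeEq("tenant", v);
            String safe = safeEq("tenant", v);
            System.out.println(unsafe + "  -> quotes: " + unescapedQuotes(unsafe));
            System.out.println(safe + "  -> quotes: " + unescapedQuotes(safe));
        }
    }
}
```

A quote count above two in the unsafe output means the value has left its string literal and become part of the predicate, which is the condition a regression test for a custom converter should reject.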
How can this vulnerability impact me?
This vulnerability can allow authenticated users to bypass metadata-based access controls.
Attackers can inject arbitrary JSONPath logic to manipulate queries and gain access to unauthorized documents.
As a result, sensitive or restricted data that should be protected by access controls may be exposed to unauthorized users.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know