CVE-2026-22729
Status: Received - Intake
JSONPath Injection in Spring AI AbstractFilterExpressionConverter Enables Access Bypass

Publication date: 2026-03-18

Last updated on: 2026-04-01

Assigner: VMware

Description
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents. This vulnerability affects applications using vector stores that extend AbstractFilterExpressionConverter for multi-tenant isolation, role-based access control, or document filtering based on metadata. The vulnerability occurs when user-supplied values in filter expressions are not escaped before being inserted into JSONPath queries. Special characters like ", ||, and && are passed through unescaped, allowing injection of arbitrary JSONPath logic that can alter the intended query semantics.
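The escaping failure the description refers to, modelled as an added example (this is not Spring AI's code and not the fixed converter): a small Python filter builder that concatenates a user-supplied metadata value straight into a JSONPath predicate, beside a hardened builder that validates the key and emits the value as a JSON-escaped string literal, plus a toy evaluator covering only the subset of JSONPath these builders produce, so the change in query semantics can be checked against constructed sample documents. The document layout, the `$[?(@.metadata.key == "value")]` predicate shape, and the use of JSON-style escapes are assumptions; whether a given vector store's JSONPath engine accepts those escapes has to be confirmed against that engine.

```python
import json
import re

# Constructed sample documents standing in for vector-store entries whose
# metadata is used for tenant isolation (not data from Spring AI or the advisory).
DOCS = [
    {"id": 1, "metadata": {"tenant": "acme", "title": "Acme roadmap"}},
    {"id": 2, "metadata": {"tenant": "globex", "title": "Globex payroll"}},
]

IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def is_identifier(key: str) -> bool:
    """Metadata keys are interpolated bare, so allow only identifiers."""
    return IDENTIFIER.fullmatch(key) is not None


def build_filter_unsafe(key: str, value: str) -> str:
    """Vulnerable pattern (assumed shape, modelled on the advisory's description):
    the value is concatenated into the predicate unescaped, so a quote inside it
    closes the string literal and the rest of the value is parsed as JSONPath."""
    return f'$[?(@.metadata.{key} == "{value}")]'


def jsonpath_string_literal(value: str) -> str:
    """Render the value as a double-quoted literal with JSON escapes. json.dumps
    backslash-escapes quotes, backslashes and control characters, so the literal
    cannot be terminated early. Assumption: the target JSONPath engine accepts
    JSON-style escapes in string literals (RFC 9535 does)."""
    return json.dumps(value)


def build_filter_safe(key: str, value: str) -> str:
    """Hardened builder: validate the key, escape the value."""
    if not is_identifier(key):
        raise ValueError(f"metadata key is not an identifier: {key!r}")
    return f'$[?(@.metadata.{key} == {jsonpath_string_literal(value)})]'


# Toy evaluator for the subset the builders emit: terms of the form
# `@.metadata.<key> == "<literal>"` joined by `&&` (binds tighter) and `||`.
# Demonstration only; this is not a JSONPath engine.
FILTER = re.compile(r"\$\[\?\((.*)\)\]", re.S)
TOKEN = re.compile(
    r'\s*(?:(@\.metadata\.[A-Za-z_][A-Za-z0-9_]*)\s*==\s*("(?:[^"\\]|\\.)*")|(\|\||&&))'
)


def parse_filter(filter_expr: str) -> list:
    """Tokenise the predicate into (key, value) terms and operator strings."""
    m = FILTER.fullmatch(filter_expr)
    if m is None:
        raise ValueError("unsupported filter shape")
    body = m.group(1).strip()
    items, pos = [], 0
    while pos < len(body):
        t = TOKEN.match(body, pos)
        if t is None:
            raise ValueError(f"parse error at offset {pos}: {body[pos:]!r}")
        if t.group(3):
            items.append(t.group(3))
        else:
            key = t.group(1)[len("@.metadata."):]
            items.append((key, json.loads(t.group(2))))  # decode the literal
        pos = t.end()
    return items


def matches(items: list, doc: dict) -> bool:
    """Evaluate the token list against one document as an OR of AND-groups."""
    or_groups, expect_term = [[]], True
    for item in items:
        if expect_term:
            if not isinstance(item, tuple):
                raise ValueError("expected a comparison term")
            or_groups[-1].append(item)
        elif item == "||":
            or_groups.append([])
        elif item != "&&":
            raise ValueError("expected an operator")
        expect_term = not expect_term
    if expect_term:
        raise ValueError("dangling operator")
    return any(all(doc["metadata"].get(k) == v for k, v in group) for group in or_groups)


def query(filter_expr: str, docs=DOCS) -> list:
    """Return the ids of the documents the filter selects."""
    items = parse_filter(filter_expr)
    return [d["id"] for d in docs if matches(items, d)]


if __name__ == "__main__":
    # A well-formed value selects the caller's own tenant with either builder.
    print(query(build_filter_unsafe("tenant", "acme")))
    # A value carrying a quote and `||` (characters the advisory names) widens the
    # unescaped query to a second tenant; the escaped query keeps it as one literal.
    probe = 'acme" || @.metadata.tenant == "globex'
    print(build_filter_unsafe("tenant", probe), query(build_filter_unsafe("tenant", probe)))
    print(build_filter_safe("tenant", probe), query(build_filter_safe("tenant", probe)))
```

The `probe` value is the kind of test input a defender would feed a filter builder after upgrading, to confirm that tenant values are emitted as literals rather than as predicate fragments; the key check matters as much as the value escaping, since a key is interpolated without any quoting at all.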
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-03-18
EPSS Evaluated: 2026-06-15
Affected Vendors & Products (2 associated CPEs)
Vendor   Product     Version / Range
vmware   spring_ai   From 1.0.0 (inc) to 1.0.4 (exc)
vmware   spring_ai   From 1.1.0 (inc) to 1.1.3 (exc)
CWE
CWE ID Description
CWE-917 The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.
Mitigation Strategies

To mitigate this vulnerability, upgrade Spring AI (which contains the affected AbstractFilterExpressionConverter) to a fixed version.

  • Upgrade to version 1.0.4 if you are using the 1.0.x branch.
  • Upgrade to version 1.1.3 if you are using the 1.1.x branch.

No additional mitigation steps are required beyond upgrading.

Executive Summary

CVE-2026-22729 is a high-severity JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter component.

It allows authenticated users to bypass metadata-based access controls by injecting arbitrary JSONPath logic through crafted filter expressions.

The issue arises because user-controlled input passed to FilterExpressionBuilder is concatenated directly into JSONPath queries without proper escaping.

Special characters such as quotation marks ("), logical OR (||), and logical AND (&&) are not escaped, enabling attackers to manipulate query semantics and access unauthorized documents.

This vulnerability specifically affects applications using vector stores that extend AbstractFilterExpressionConverter for enforcing multi-tenant isolation, role-based access control, or document filtering based on metadata. [1]

Impact Analysis

This vulnerability can allow authenticated users to bypass metadata-based access controls.

Attackers can inject arbitrary JSONPath logic to manipulate queries and gain access to unauthorized documents.

As a result, sensitive or restricted data that should be protected by access controls may be exposed to unauthorized users.
