CVE-2026-22738
Modified Modified - Updated After Analysis
SpEL Injection in Spring AI SimpleVectorStore Enables Code Execution

Publication date: 2026-03-27

Last updated on: 2026-05-10

Assigner: VMware

Description
In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-05-10
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22738
EUVD
EUVD-2026-16535
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vmware spring_ai From 1.0.0 (inc) to 1.0.5 (exc)
vmware spring_ai From 1.1.0 (inc) to 1.1.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-88 The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
CWE-917 The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-22738 is a critical remote code execution vulnerability in Spring AI's SimpleVectorStore component.

The issue arises from a SpEL (Spring Expression Language) injection caused by the use of unescaped user-supplied input as a filter expression key.

This allows a malicious actor to execute arbitrary code on affected systems.

Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected.

Impact Analysis

This vulnerability can allow a remote attacker to execute arbitrary code on your system without any privileges or user interaction.

Such remote code execution can lead to full compromise of the affected system, including unauthorized access, data theft, or disruption of services.

Mitigation Strategies

To mitigate the risk of this vulnerability, users must upgrade Spring AI to the fixed versions.

  • Upgrade to version 1.0.5 if using the 1.0.x branch.
  • Upgrade to version 1.1.4 if using the 1.1.x branch.

No additional mitigation steps are required beyond upgrading.

Detection Guidance

There are no specific detection commands or network/system scanning methods provided for this vulnerability.

The recommended action is to verify the version of Spring AI's SimpleVectorStore component in use and ensure it is upgraded to a fixed version (1.0.5 or later for the 1.0.x branch, and 1.1.4 or later for the 1.1.x branch) to mitigate the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22738. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart