CVE-2026-22738
Received Received - Intake
SpEL Injection in Spring AI SimpleVectorStore Enables Code Execution

Publication date: 2026-03-27

Last updated on: 2026-04-16

Assigner: VMware

Description
In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-04-16
Generated
2026-05-07
AI Q&A
2026-03-27
EPSS Evaluated
2026-05-05
NVD
CVE-2026-22738
EUVD
EUVD-2026-16535
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vmware spring_ai From 1.0.0 (inc) to 1.0.5 (exc)
vmware spring_ai From 1.1.0 (inc) to 1.1.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-917 The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-22738 is a critical remote code execution vulnerability in Spring AI's SimpleVectorStore component.

The issue arises from a SpEL (Spring Expression Language) injection caused by the use of unescaped user-supplied input as a filter expression key.

This allows a malicious actor to execute arbitrary code on affected systems.

Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability impact me? :

This vulnerability can allow a remote attacker to execute arbitrary code on your system without any privileges or user interaction.

Such remote code execution can lead to full compromise of the affected system, including unauthorized access, data theft, or disruption of services.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the risk of this vulnerability, users must upgrade Spring AI to the fixed versions.

  • Upgrade to version 1.0.5 if using the 1.0.x branch.
  • Upgrade to version 1.1.4 if using the 1.1.x branch.

No additional mitigation steps are required beyond upgrading.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There are no specific detection commands or network/system scanning methods provided for this vulnerability.

The recommended action is to verify the version of Spring AI's SimpleVectorStore component in use and ensure it is upgraded to a fixed version (1.0.5 or later for the 1.0.x branch, and 1.1.4 or later for the 1.1.x branch) to mitigate the vulnerability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart