CVE-2026-22744
Received - Intake
Injection Vulnerability in Spring AI RedisFilterExpressionConverter TAG Field

Publication date: 2026-03-27

Last updated on: 2026-04-16

Assigner: VMware

Description
In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.
Meta Information
Published: 2026-03-27
Last Modified: 2026-04-16
Generated: 2026-05-07
AI Q&A: 2026-03-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor | Product | Version / Range
vmware | spring_ai | From 1.0.0 (inc) to 1.0.5 (exc)
vmware | spring_ai | From 1.1.0 (inc) to 1.1.4 (exc)
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-22744 is a high-severity vulnerability in the RedisFilterExpressionConverter component of the spring-ai-redis-store module in Spring AI versions from 1.0.0 before 1.0.5 and from 1.1.0 before 1.1.4.

The issue occurs when a user-controlled string is passed as a filter value for a TAG field in a RediSearch query. The stringValue() method inserts this value directly into the RediSearch TAG block syntax (@field:{VALUE}) without properly escaping special characters.

Because of this lack of escaping, the query can become malformed or vulnerable to injection attacks.


How can this vulnerability impact me?

This vulnerability can allow an attacker to craft malicious input that is directly inserted into RediSearch TAG queries without escaping, potentially leading to injection attacks or malformed queries.

The CVSS v3.1 base score is 7.5, indicating a high severity with a network attack vector, low attack complexity, no privileges required, and no user interaction needed.

The impact is primarily on confidentiality, meaning sensitive data could be exposed, but there is no impact on integrity or availability.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the vulnerability in spring-ai-redis-store, you should upgrade to the fixed versions: 1.0.5 for the 1.0.x branch and 1.1.4 for the 1.1.x branch.

No additional mitigation steps are required beyond upgrading.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in RedisFilterExpressionConverter allows user-controlled strings to be inserted into RediSearch TAG blocks without proper escaping, which can lead to injection attacks and malformed queries.

This vulnerability has a high confidentiality impact, meaning sensitive data could potentially be exposed or accessed improperly.

Such exposure or unauthorized access to sensitive data could negatively affect compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over confidentiality and data security.

Mitigation involves upgrading to fixed versions of the affected software, which is necessary to maintain compliance and reduce risk.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects the spring-ai-redis-store component of Spring AI versions from 1.0.0 before 1.0.5 and from 1.1.0 before 1.1.4. Detection involves identifying if these vulnerable versions are in use.

Since the issue arises from the RedisFilterExpressionConverter inserting unescaped user-controlled strings into RediSearch TAG queries, monitoring for unusual or malformed RediSearch TAG queries in logs or network traffic may help detect exploitation attempts.

No specific detection commands are provided in the available resources.

To detect the vulnerable version on your system, you can check the version of the spring-ai-redis-store dependency in your application. For example, if you have access to the application environment, you might run commands like:

  • For Maven-based projects: mvn dependency:list | grep spring-ai-redis-store
  • For Gradle-based projects: ./gradlew dependencies --configuration runtimeClasspath | grep spring-ai-redis-store

Additionally, inspecting application logs for RediSearch queries containing unescaped TAG field values might indicate attempts to exploit this vulnerability.
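
The dependency check above can be scripted so that the resolved version is compared against the affected ranges given in this advisory. This is an added example, not code from the advisory or from Spring AI; the Maven and Gradle line formats it parses and the `review` status for qualified versions such as `-SNAPSHOT` are assumptions, and the sample lines are constructed.

```python
import re
import sys

ARTIFACT = "spring-ai-redis-store"
# Affected ranges stated in the advisory: [1.0.0, 1.0.5) and [1.1.0, 1.1.4)
AFFECTED = [((1, 0, 0), (1, 0, 5)), ((1, 1, 0), (1, 1, 4))]

# Assumed Maven form:  group:artifact:type[:classifier]:version:scope
_MAVEN = re.compile(re.escape(ARTIFACT) + r":[\w.-]+:(?:[\w.-]+:)?(\d[\w.-]*):\w+")
# Assumed Gradle form: group:artifact[:declared] [-> resolved]
_GRADLE = re.compile(re.escape(ARTIFACT) + r"(?::(\d[\w.-]*))?(?:\s*->\s*(\d[\w.-]*))?")

# Constructed sample output (not from a real build)
SAMPLE = """\
[INFO]    org.springframework.ai:spring-ai-redis-store:jar:1.0.3:compile
+--- org.springframework.ai:spring-ai-redis-store:1.1.2 -> 1.1.4
\\--- org.springframework.ai:spring-ai-redis-store:1.1.0-SNAPSHOT (*)
""".splitlines()

def classify(version):
    """Return 'affected', 'outside-range' or 'review' for a version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(.*)", version)
    if not m or m.group(4):
        return "review"  # not plain x.y.z (e.g. -SNAPSHOT): needs a human decision
    core = tuple(int(part) for part in m.group(1, 2, 3))
    if any(low <= core < high for low, high in AFFECTED):
        return "affected"
    return "outside-range"

def scan(lines):
    """Return sorted (version, status) pairs for every resolved version seen."""
    found = {}
    for line in lines:
        m = _MAVEN.search(line)
        if m:
            version = m.group(1)
        else:
            g = _GRADLE.search(line)
            # Gradle prints "declared -> resolved"; the resolved version wins
            version = (g.group(2) or g.group(1)) if g else None
        if version:
            found[version] = classify(version)
    return sorted(found.items())

if __name__ == "__main__":
    # Usage: mvn dependency:list | python3 check_spring_ai_redis.py
    for version, status in scan(sys.stdin):
        print(version, status)
```

A status of `outside-range` only means the version is not in the ranges listed here; `review` entries need a manual look.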

