SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution

Description

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

Affected Products

Vendor	Product	Versions
spring	spring ai	1.0.0, 1.1.0

References

https://spring.io/security/cve-2026-22738

Related News (2 articles)

Tier C

VulDB16h ago

CVE-2026-22738 | VMware Spring AI up to 1.0.4/1.1.3 injection

→ No new info (linked only)

Tier B

CERT-FR22h ago

Multiples vulnérabilités dans Spring AI (27 mars 2026)

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Published3/27/2026

Last enriched7h agov4

Trending Score70

Source articles2

Independent2

Info Completeness8/14

Missing: epss, cwe, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 7h ago

v4Tier B7h ago

Updated exploit availability to true and marked as actively exploited.

exploitAvailableactivelyExploited

via CERT-FR

v3Tier C15h ago

Updated exploit availability to false and actively exploited status to false.

cvssEstimate

via VulDB

v2Tier C16h ago

Updated vendor to VMware, affected versions to 1.0.4 and 1.1.3, and severity to HIGH.

vendoraffectedVersionsseverity

via VulDB

v117h ago

Initial creation