VMware · Spring AI · CVE-2026-22729
**Name of the Vulnerable Software and Affected Versions**
Spring AI 1.0.x before 1.0.4 and 1.1.x before 1.1.3
**Description**
A JSONPath injection issue exists in Spring AI’s `AbstractFilterExpressionConverter`. Authenticated users can bypass metadata-based access controls by submitting crafted filter expressions. User-controlled input passed to `FilterExpressionBuilder` is incorporated into the JSONPath query that the converter generates without sufficient sanitization, so an attacker can inject arbitrary JSONPath logic and potentially retrieve documents they are not authorized to see. The root cause is that special characters such as `"`, `||` and `&&` are not escaped before a value is placed into the JSONPath predicate: a `"` closes the intended string literal, and a following `||` or `&&` appends a further condition, changing the query’s meaning (for example, turning a tenant equality check into one that also matches every other tenant). The vulnerability affects applications that use vector stores whose filter converter extends `AbstractFilterExpressionConverter` and that rely on metadata filters for multi-tenant isolation, role-based access control, or document filtering. The injection requires that an attacker-controlled string reach the filter; applications that build filter values only from trusted server-side data (for instance a tenant id taken from the authenticated session rather than from a request parameter) are not exposed by this path, but should still upgrade.
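The following self-contained Java program is an added illustration of the mechanism described above; it is not code from Spring AI or VMware, and it does not use Spring AI classes. It models the flawed pattern (a string value concatenated into a JSONPath predicate unescaped) next to a hardened renderer and an allowlist check, and includes a toy evaluator so the bypass can be observed. The predicate grammar (`$.key == "value"` / `$.key != "value"` joined by `||` and `&&`, evaluated left to right), the metadata key `tenant`, the helper names, and the two sample documents are all assumptions made for the example; how the real converters render JSONPath for their backing store and the exact escaping applied in the fixed versions are not shown here.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/**
 * Hypothetical stand-in for a JSONPath filter converter (not Spring AI's
 * AbstractFilterExpressionConverter). Models the vulnerable pattern and a
 * hardened variant; the predicate grammar below is an assumption.
 */
public class JsonPathFilterDemo {

    /** Vulnerable: the caller's string lands in the predicate verbatim. */
    static String renderUnsafe(String key, String value) {
        return "$." + key + " == \"" + value + "\"";
    }

    /** Hardened: backslash and double quote are escaped, so the value cannot close the literal. */
    static String renderEscaped(String key, String value) {
        String escaped = value.replace("\\", "\\\\").replace("\"", "\\\"");
        return "$." + key + " == \"" + escaped + "\"";
    }

    /** Defence in depth: reject identifiers that are not plain tokens before any filter is built. */
    private static final Pattern SAFE_ID = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    static boolean isSafeIdentifier(String value) {
        return value != null && SAFE_ID.matcher(value).matches();
    }

    /**
     * Toy evaluator (assumed grammar): terms `$.key == "v"` or `$.key != "v"`
     * joined by `||` / `&&`, equal precedence, left to right. Backslash inside
     * a literal escapes the next character.
     */
    static boolean matches(String predicate, Map<String, String> metadata) {
        int pos = 0;
        boolean result = false;
        String op = "||";                       // first term is OR-ed into an initial false
        while (pos < predicate.length()) {
            int keyStart = predicate.indexOf("$.", pos) + 2;
            int keyEnd = predicate.indexOf(' ', keyStart);
            String key = predicate.substring(keyStart, keyEnd);
            int cmpStart = keyEnd + 1;
            String cmp = predicate.substring(cmpStart, cmpStart + 2);   // "==" or "!="
            int quote = predicate.indexOf('"', cmpStart + 2);
            StringBuilder value = new StringBuilder();
            int i = quote + 1;
            while (predicate.charAt(i) != '"') {
                if (predicate.charAt(i) == '\\') i++;   // escaped char: take the next one literally
                value.append(predicate.charAt(i));
                i++;
            }
            boolean term = value.toString().equals(metadata.get(key));
            if (cmp.equals("!=")) term = !term;
            result = op.equals("||") ? (result || term) : (result && term);
            pos = i + 1;
            String rest = predicate.substring(pos).trim();
            if (rest.startsWith("||") || rest.startsWith("&&")) {
                op = rest.substring(0, 2);
                pos = predicate.indexOf(op, pos) + 2;
            } else {
                break;
            }
        }
        return result;
    }

    /** Returns the ids of the documents the predicate lets through. */
    static List<String> search(String predicate, List<Map<String, String>> docs) {
        List<String> hits = new ArrayList<>();
        for (Map<String, String> d : docs) {
            if (matches(predicate, d)) hits.add(d.get("id"));
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample corpus: one document per tenant.
        List<Map<String, String>> docs = List.of(
            Map.of("id", "doc-a1", "tenant", "acme"),
            Map.of("id", "doc-b1", "tenant", "globex"));

        String honest = "acme";
        // Closes the string literal, then appends an always-true term.
        String crafted = "acme\" || $.tenant != \"";

        System.out.println(renderUnsafe("tenant", crafted));
        // $.tenant == "acme" || $.tenant != ""
        System.out.println(search(renderUnsafe("tenant", honest), docs));   // [doc-a1]
        System.out.println(search(renderUnsafe("tenant", crafted), docs));  // [doc-a1, doc-b1]

        System.out.println(renderEscaped("tenant", crafted));
        // $.tenant == "acme\" || $.tenant != \""   (a single literal; matches no tenant)
        System.out.println(search(renderEscaped("tenant", crafted), docs)); // []

        System.out.println(isSafeIdentifier(honest) + " " + isSafeIdentifier(crafted)); // true false
    }
}
```

Compile and run with `javac JsonPathFilterDemo.java && java JsonPathFilterDemo`. The escaping in `renderEscaped` is what keeps the value inside one string literal; the allowlist in `isSafeIdentifier` is the cheaper check to apply at the application boundary, since tenant ids and role names rarely need quotes, pipes or ampersands at all.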
**Recommendations**
Update Spring AI to 1.0.4 on the 1.0.x line or 1.1.3 on the 1.1.x line. Until the upgrade is deployed, do not place untrusted strings into filter expressions: resolve tenant and role values from the authenticated principal on the server side, and validate any user-supplied metadata value against a strict allowlist (for example alphanumerics, `-` and `_`) before passing it to `FilterExpressionBuilder`.