PT-2026-25939 · Vmware · Spring Ai
Blackf0G · Published 2026-03-17 · Updated 2026-04-10
CVE-2026-22729
CVSS v3.1: 8.6 High
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Spring AI versions prior to 1.0.4 and 1.1.3
Description: A JSONPath injection vulnerability exists in Spring AI's AbstractFilterExpressionConverter. User-controlled input passed to FilterExpressionBuilder is incorporated into JSONPath queries without sufficient sanitization: special characters such as ", || and && are not escaped before the value is placed in the query, so a value that closes the string literal and appends its own predicate changes the filter's intended logic. An authenticated user can thereby bypass metadata-based access controls and retrieve documents they are not authorized to see. Applications are affected when they use a vector store whose filter converter extends AbstractFilterExpressionConverter to enforce multi-tenant isolation, role-based access control, or other metadata-based document filtering. Filter values, not only the filter structure, must be treated as untrusted: any metadata value that originates from a request (tenant id, user id, labels) is an injection vector here.
Recommendations: Update Spring AI to version 1.0.4 (1.0.x line) or 1.1.3 (1.1.x line). Until the upgrade is deployed, validate request-derived metadata values against a strict allowlist pattern before they reach a filter expression.
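To make the mechanism concrete, the following script is an added example, not Spring AI's own code. It reimplements in Python the pattern the advisory describes: a naive converter that concatenates a metadata value into a JSONPath filter, beside a hardened one that restricts the key and escapes the value. Both are run against a tiny in-memory evaluator that understands only the filter subset used here ($[?( @.key == "literal" ... )] joined by && and ||). The document set, the tenant field and the function names are constructed for illustration; the escape rule assumes C-style escapes and must be checked against the JSONPath dialect of the actual vector store.

```python
import re

# Constructed sample metadata for three stored documents (not real data).
DOCS = [
    {"id": "d1", "tenant": "acme", "text": "acme quarterly plan"},
    {"id": "d2", "tenant": "acme", "text": "acme onboarding guide"},
    {"id": "d3", "tenant": "globex", "text": "globex merger memo"},
]


def build_filter_vulnerable(key, value):
    """Naive converter: the value is concatenated into the filter unchanged."""
    return f'$[?(@.{key} == "{value}")]'


def escape_jsonpath_string(value):
    """Escape backslash and double quote so the value stays one string literal.
    Assumption: the backend accepts C-style escapes; verify for the real store."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def build_filter_hardened(key, value):
    """Hardened converter: key limited to an identifier, value escaped, so a
    quote, || or && inside the value can no longer act as filter syntax."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", key):
        raise ValueError(f"illegal metadata key: {key!r}")
    return f'$[?(@.{key} == "{escape_jsonpath_string(value)}")]'


# Minimal evaluator for the subset above.
# pred := and ('||' and)* ; and := cmp ('&&' cmp)* ; cmp := @.key == "str"
def _tokenize(pred):
    tokens, i, n = [], 0, len(pred)
    while i < n:
        c = pred[i]
        if c.isspace():
            i += 1
        elif c == "@":
            m = re.match(r"@\.([A-Za-z_][A-Za-z0-9_]*)", pred[i:])
            if not m:
                raise ValueError(f"bad field reference at {i}")
            tokens.append(("FIELD", m.group(1)))
            i += m.end()
        elif pred.startswith("==", i):
            tokens.append(("EQ", None))
            i += 2
        elif pred.startswith("&&", i):
            tokens.append(("AND", None))
            i += 2
        elif pred.startswith("||", i):
            tokens.append(("OR", None))
            i += 2
        elif c == '"':
            i += 1
            buf = []
            while i < n and pred[i] != '"':
                if pred[i] == "\\" and i + 1 < n:  # escaped char is taken literally
                    buf.append(pred[i + 1])
                    i += 2
                else:
                    buf.append(pred[i])
                    i += 1
            if i >= n:
                raise ValueError("unterminated string literal")
            i += 1  # closing quote
            tokens.append(("STR", "".join(buf)))
        else:
            raise ValueError(f"unexpected character {c!r} at {i}")
    return tokens


def _parse(tokens):
    pos = 0

    def expect(kind):
        nonlocal pos
        if pos >= len(tokens) or tokens[pos][0] != kind:
            raise ValueError(f"expected {kind} at token {pos}")
        value = tokens[pos][1]
        pos += 1
        return value

    def cmp():
        field = expect("FIELD")
        expect("EQ")
        literal = expect("STR")
        return lambda doc: doc.get(field) == literal

    def and_expr():
        nonlocal pos
        terms = [cmp()]
        while pos < len(tokens) and tokens[pos][0] == "AND":
            pos += 1
            terms.append(cmp())
        return lambda doc: all(t(doc) for t in terms)

    def or_expr():
        nonlocal pos
        terms = [and_expr()]
        while pos < len(tokens) and tokens[pos][0] == "OR":
            pos += 1
            terms.append(and_expr())
        return lambda doc: any(t(doc) for t in terms)

    predicate = or_expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in predicate")
    return predicate


def query(jsonpath, docs):
    """Return the documents matching a '$[?( ... )]' filter."""
    m = re.fullmatch(r"\$\[\?\((.*)\)\]", jsonpath, re.S)
    if not m:
        raise ValueError("only $[?(...)] filters are supported here")
    predicate = _parse(_tokenize(m.group(1)))
    return [d for d in docs if predicate(d)]


def matching_ids(build, key, value):
    """Ids returned for a tenant filter built by the given converter."""
    return [d["id"] for d in query(build(key, value), DOCS)]


if __name__ == "__main__":
    malicious = 'acme" || @.tenant == "globex'  # closes the literal, appends a predicate
    print("vulnerable, benign  :", matching_ids(build_filter_vulnerable, "tenant", "acme"))
    print("vulnerable, injected:", matching_ids(build_filter_vulnerable, "tenant", malicious))
    print("hardened,   injected:", matching_ids(build_filter_hardened, "tenant", malicious))
```

With the naive converter the injected value yields the filter $[?(@.tenant == "acme" || @.tenant == "globex")] and every tenant's documents come back; with escaping the whole input remains a single literal that matches nothing. Escaping alone is the minimum: a tenant id that a request can influence should also be validated against a strict pattern, and the check must be applied in the converter, not only in callers, because every vector store built on the shared base class inherits the same concatenation.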

Related Identifiers

CVE-2026-22729
GHSA-RP9G-QX29-88CP

Affected Products

Spring Ai