CVE-2026-22744

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.4 and 1.1.0 through 1.1.3

Description The RedisFilterExpressionConverter component within spring-ai-redis-store improperly handles user-supplied strings used as filter values for TAG fields. Specifically, the stringValue() function directly inserts these values into the RediSearch TAG block (@field:{VALUE}) without appropriate character escaping. This can lead to unexpected behavior or potential issues when processing the filter expression.

Recommendations Update to Spring AI version 1.0.5 or later. Update to Spring AI version 1.1.4 or later.

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-943CWE-74

Related Identifiers

CVE-2026-22744

GHSA-44F4-GVWJ-6QG3

Affected Products

Redis

Spring Ai

Spring-Ai-Redis-Store

CVE-2026-22744

Weakness Enumeration

Related Identifiers

Affected Products

References · 10