Spring AI SimpleVectorStore SpEL Injection Vulnerability (CVE-2026-22738)
A SpEL injection vulnerability exists in Spring AI's SimpleVectorStore when a user-supplied value is used as a filter expression key, potentially allowing malicious actors to execute arbitrary code in vulnerable applications.
A SpEL (Spring Expression Language) injection vulnerability, tracked as CVE-2026-22738, has been discovered in the SimpleVectorStore component of Spring AI. The flaw occurs when a user-supplied value is used as a filter expression key within SimpleVectorStore, so that the untrusted value is evaluated as SpEL rather than treated as plain data. Successful exploitation could allow an attacker to execute arbitrary code on the affected system. The vulnerability affects Spring AI versions from 1.0.0 up to (but not including) 1.0.5 and from 1.1.0 up to (but not including) 1.1.4. Only applications that…
Detection coverage (2 rules)
Detect Suspicious SpEL Expression in HTTP URI
Severity: high. Detects suspicious SpEL expressions in the HTTP URI, indicative of potential SpEL injection attempts.
Detect Suspicious SpEL Expression in HTTP Body
Severity: high. Detects suspicious SpEL expressions in the HTTP body, indicative of potential SpEL injection attempts.
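As an added illustration of what the two rules above look for (this is example code written here, not the platform's own queries or any Spring AI code), the scanner below percent-decodes request URIs and bodies and flags SpEL syntax such as type references, expression templates and class access in the submitted filter key. The request samples are constructed, the request tuple layout is an assumption, and the sample expressions deliberately use benign classes.

```python
import re
from urllib.parse import unquote_plus

# SpEL constructs that have no business appearing in a user-supplied
# filter key: type references, expression templates, reflective access.
SPEL_PATTERNS = [
    (r"\bT\s*\(", "type reference T(...)"),
    (r"[#$]\{", "expression template #{...} or ${...}"),
    (r"\.class\b", "class literal access"),
    (r"\bnew\s+[A-Za-z_][\w.]*\s*\(", "constructor invocation"),
    (r"\bgetClass\s*\(", "reflective class access"),
]
COMPILED = [(re.compile(p), desc) for p, desc in SPEL_PATTERNS]

# Constructed sample requests as (method, uri, body); benign classes only.
SAMPLE_REQUESTS = [
    ("GET", "/vectors/search?filter=author%20%3D%3D%20%27alice%27", ""),
    ("GET", "/vectors/search?filter=T(java.lang.Math).random()", ""),
    ("POST", "/vectors/search", '{"filterKey":"%2523%257BT(java.lang.Math)%257D"}'),
    ("POST", "/vectors/search", '{"filterKey":"year","value":2024}'),
]


def decode(text, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input cannot slip past."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def scan_text(text):
    """Return a description of every SpEL indicator found in the decoded text."""
    decoded = decode(text)
    return [desc for rx, desc in COMPILED if rx.search(decoded)]


def scan_request(method, uri, body):
    """Mirror the two rules: report hits separately for the URI and the body."""
    findings = {}
    for location, text in (("uri", uri), ("body", body)):
        hits = scan_text(text)
        if hits:
            findings[location] = hits
    return findings


def scan_all(requests):
    """Index and findings for each request that triggered at least one rule."""
    return [(i, f) for i, r in enumerate(requests) if (f := scan_request(*r))]


if __name__ == "__main__":
    for index, findings in scan_all(SAMPLE_REQUESTS):
        print(f"request {index}: {findings}")
```

Legitimate filter keys are plain identifiers, so any hit on these patterns is worth an alert; the repeated decoding matters because a single-pass rule misses the double-encoded body in the third sample.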