<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>CVE-2026-22738 — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-22738/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 27 Mar 2026 06:16:37 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-22738/feed.xml" rel="self" type="application/rss+xml"/><item><title>Spring AI SimpleVectorStore SpEL Injection Vulnerability (CVE-2026-22738)</title><link>https://feed.craftedsignal.io/briefs/2026-03-spring-ai-spel-injection/</link><pubDate>Fri, 27 Mar 2026 06:16:37 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-03-spring-ai-spel-injection/</guid><description>A SpEL injection vulnerability exists in Spring AI's SimpleVectorStore when a user-supplied value is used as a filter expression key, potentially allowing malicious actors to execute arbitrary code in vulnerable applications.</description><content:encoded>&lt;p>A SpEL (Spring Expression Language) injection vulnerability, identified as CVE-2026-22738, has been discovered in the SimpleVectorStore component of Spring AI. This flaw occurs when a user-supplied value is used as a filter expression key within SimpleVectorStore. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. The vulnerability affects Spring AI versions 1.0.0 before 1.0.5 and 1.1.0 before 1.1.4. Only applications that…&lt;/p>
</content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>spel-injection</category><category>spring-ai</category><category>cve-2026-22738</category><category>code-execution</category></item></channel></rss>