{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/jsonpath-injection/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-22729","jsonpath-injection","spring-ai"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-22729 is a newly identified JSONPath Injection vulnerability affecting the PgVectorStore component within the Spring AI framework. The vulnerability arises from insufficient input sanitization when processing JSONPath expressions, potentially allowing attackers to inject malicious code into queries. Successful exploitation could lead to unauthorized data access, modification, or even remote code execution depending on the application\u0026rsquo;s configuration and permissions. This vulnerability…\u003c/p\u003e\n","date_modified":"2026-03-19T12:35:09Z","date_published":"2026-03-19T12:35:09Z","id":"/briefs/2024-06-spring-ai-jsonpath-injection/","summary":"CVE-2026-22729 is a JSONPath Injection vulnerability found in Spring AI's PgVectorStore, potentially allowing for unauthorized data access or modification.","title":"CVE-2026-22729: JSONPath Injection Vulnerability in Spring AI's PgVectorStore","url":"https://feed.craftedsignal.io/briefs/2024-06-spring-ai-jsonpath-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Jsonpath-Injection","version":"https://jsonfeed.org/version/1.1"}