Jsonpath-Injection — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/jsonpath-injection/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 19 Mar 2026 12:35:09 +0000CVE-2026-22729: JSONPath Injection Vulnerability in Spring AI's PgVectorStorehttps://feed.craftedsignal.io/briefs/2024-06-spring-ai-jsonpath-injection/Thu, 19 Mar 2026 12:35:09 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-06-spring-ai-jsonpath-injection/CVE-2026-22729 is a JSONPath Injection vulnerability found in Spring AI's PgVectorStore, potentially allowing for unauthorized data access or modification.<p>CVE-2026-22729 is a newly identified JSONPath Injection vulnerability affecting the PgVectorStore component within the Spring AI framework. The vulnerability arises from insufficient input sanitization when processing JSONPath expressions, potentially allowing attackers to inject malicious code into queries. Successful exploitation could lead to unauthorized data access, modification, or even remote code execution depending on the application&rsquo;s configuration and permissions. This vulnerability…</p> highadvisorycve-2026-22729jsonpath-injectionspring-ai