{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/spel-injection/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["spel-injection","spring-ai","cve-2026-22738","code-execution"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA SpEL (Spring Expression Language) injection vulnerability, identified as CVE-2026-22738, has been discovered in the SimpleVectorStore component of Spring AI. This flaw occurs when a user-supplied value is used as a filter expression key within SimpleVectorStore. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. The vulnerability affects Spring AI versions 1.0.0 before 1.0.5 and 1.1.0 before 1.1.4. Only applications that…\u003c/p\u003e\n","date_modified":"2026-03-27T06:16:37Z","date_published":"2026-03-27T06:16:37Z","id":"/briefs/2026-03-spring-ai-spel-injection/","summary":"A SpEL injection vulnerability exists in Spring AI's SimpleVectorStore when a user-supplied value is used as a filter expression key, potentially allowing malicious actors to execute arbitrary code in vulnerable applications.","title":"Spring AI SimpleVectorStore SpEL Injection Vulnerability (CVE-2026-22738)","url":"https://feed.craftedsignal.io/briefs/2026-03-spring-ai-spel-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Spel-Injection","version":"https://jsonfeed.org/version/1.1"}