Tag
Spring AI Redis Store TAG Injection Vulnerability (CVE-2026-22744)
2 rules, 1 TTP
CVE-2026-22744 is a code injection vulnerability in Spring AI's RedisFilterExpressionConverter which allows an attacker to inject arbitrary commands into RediSearch TAG blocks via unescaped user-controlled strings, affecting versions 1.0.0 before 1.0.5 and 1.1.0 before 1.1.4.
Spring AI SimpleVectorStore SpEL Injection Vulnerability (CVE-2026-22738)
2 rules, 1 TTP, 1 IOC
A SpEL injection vulnerability exists in Spring AI's SimpleVectorStore when a user-supplied value is used as a filter expression key, potentially allowing malicious actors to execute arbitrary code in vulnerable applications.
Spring AI BedrockProxyChatModel SSRF Vulnerability (CVE-2026-22742)
2 rules, 1 TTP, 2 IOCs
Spring AI's spring-ai-bedrock-converse library is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied media URLs in multimodal messages, allowing attackers to trigger HTTP requests to internal or external destinations.
CVE-2026-22729: JSONPath Injection Vulnerability in Spring AI's PgVectorStore
2 rules, 1 TTP
CVE-2026-22729 is a JSONPath Injection vulnerability found in Spring AI's PgVectorStore, potentially allowing for unauthorized data access or modification.