{
  "description": "Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.",
  "feed_url": "https://feed.craftedsignal.io/tags/spring-ai/",
  "home_page_url": "https://feed.craftedsignal.io/",
  "items": [
    {
      "_cs_actors": [],
      "_cs_cves": [],
      "_cs_exploited": false,
      "_cs_products": [],
      "_cs_severities": ["high"],
      "_cs_tags": ["injection", "spring-ai", "redis"],
      "_cs_type": "advisory",
      "_cs_vendors": [],
      "content_html": "\u003cp\u003eCVE-2026-22744 is a critical vulnerability found within the \u003ccode\u003eRedisFilterExpressionConverter\u003c/code\u003e of the Spring AI Redis Store. The vulnerability arises because the \u003ccode\u003estringValue()\u003c/code\u003e function directly inserts user-supplied strings into the \u003ccode\u003e@field:{VALUE}\u003c/code\u003e RediSearch TAG block without proper sanitization or escaping. This allows an attacker to inject arbitrary commands or data into the Redis database if they can control the input used as a filter value for a TAG field. This vulnerability affects…\u003c/p\u003e\n",
      "date_modified": "2026-03-27T06:16:38Z",
      "date_published": "2026-03-27T06:16:38Z",
      "id": "/briefs/2026-03-spring-ai-redis-injection/",
      "summary": "CVE-2026-22744 is a code injection vulnerability in Spring AI's RedisFilterExpressionConverter which allows an attacker to inject arbitrary commands into RediSearch TAG blocks via unescaped user-controlled strings, affecting versions 1.0.0 before 1.0.5 and 1.1.0 before 1.1.4.",
      "title": "Spring AI Redis Store TAG Injection Vulnerability (CVE-2026-22744)",
      "url": "https://feed.craftedsignal.io/briefs/2026-03-spring-ai-redis-injection/"
    },
    {
      "_cs_actors": [],
      "_cs_cves": [],
      "_cs_exploited": false,
      "_cs_products": [],
      "_cs_severities": ["critical"],
      "_cs_tags": ["spel-injection", "spring-ai", "cve-2026-22738", "code-execution"],
      "_cs_type": "advisory",
      "_cs_vendors": [],
      "content_html": "\u003cp\u003eA SpEL (Spring Expression Language) injection vulnerability, identified as CVE-2026-22738, has been discovered in the SimpleVectorStore component of Spring AI. This flaw occurs when a user-supplied value is used as a filter expression key within SimpleVectorStore. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. The vulnerability affects Spring AI versions 1.0.0 before 1.0.5 and 1.1.0 before 1.1.4. Only applications that…\u003c/p\u003e\n",
      "date_modified": "2026-03-27T06:16:37Z",
      "date_published": "2026-03-27T06:16:37Z",
      "id": "/briefs/2026-03-spring-ai-spel-injection/",
      "summary": "A SpEL injection vulnerability exists in Spring AI's SimpleVectorStore when a user-supplied value is used as a filter expression key, potentially allowing malicious actors to execute arbitrary code in vulnerable applications.",
      "title": "Spring AI SimpleVectorStore SpEL Injection Vulnerability (CVE-2026-22738)",
      "url": "https://feed.craftedsignal.io/briefs/2026-03-spring-ai-spel-injection/"
    },
    {
      "_cs_actors": [],
      "_cs_cves": [],
      "_cs_exploited": false,
      "_cs_products": [],
      "_cs_severities": ["high"],
      "_cs_tags": ["ssrf", "spring-ai", "bedrockproxychatmodel", "cve-2026-22742"],
      "_cs_type": "advisory",
      "_cs_vendors": [],
      "content_html": "\u003cp\u003eA Server-Side Request Forgery (SSRF) vulnerability has been identified in the spring-ai-bedrock-converse library within Spring AI. The vulnerability resides in the BedrockProxyChatModel component and arises during the processing of multimodal messages. Specifically, when handling user-supplied media URLs, the application fails to adequately validate these URLs. This lack of validation allows a malicious actor to inject arbitrary URLs, potentially causing the server to make unintended HTTP…\u003c/p\u003e\n",
      "date_modified": "2026-03-27T06:16:37Z",
      "date_published": "2026-03-27T06:16:37Z",
      "id": "/briefs/2026-03-spring-ai-ssrf/",
      "summary": "Spring AI's spring-ai-bedrock-converse library is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied media URLs in multimodal messages, allowing attackers to trigger HTTP requests to internal or external destinations.",
      "title": "Spring AI BedrockProxyChatModel SSRF Vulnerability (CVE-2026-22742)",
      "url": "https://feed.craftedsignal.io/briefs/2026-03-spring-ai-ssrf/"
    },
    {
      "_cs_actors": [],
      "_cs_cves": [],
      "_cs_exploited": false,
      "_cs_products": [],
      "_cs_severities": ["high"],
      "_cs_tags": ["cve-2026-22729", "jsonpath-injection", "spring-ai"],
      "_cs_type": "advisory",
      "_cs_vendors": [],
      "content_html": "\u003cp\u003eCVE-2026-22729 is a newly identified JSONPath Injection vulnerability affecting the PgVectorStore component within the Spring AI framework. The vulnerability arises from insufficient input sanitization when processing JSONPath expressions, potentially allowing attackers to inject malicious code into queries. Successful exploitation could lead to unauthorized data access, modification, or even remote code execution depending on the application\u0026rsquo;s configuration and permissions. This vulnerability…\u003c/p\u003e\n",
      "date_modified": "2026-03-19T12:35:09Z",
      "date_published": "2026-03-19T12:35:09Z",
      "id": "/briefs/2024-06-spring-ai-jsonpath-injection/",
      "summary": "CVE-2026-22729 is a JSONPath Injection vulnerability found in Spring AI's PgVectorStore, potentially allowing for unauthorized data access or modification.",
      "title": "CVE-2026-22729: JSONPath Injection Vulnerability in Spring AI's PgVectorStore",
      "url": "https://feed.craftedsignal.io/briefs/2024-06-spring-ai-jsonpath-injection/"
    }
  ],
  "language": "en",
  "title": "CraftedSignal Threat Feed — Spring-Ai",
  "version": "https://jsonfeed.org/version/1.1"
}