Skip to main content

Java EUVD-2026-16535

| CVE-2026-22738 CRITICAL
Improper Neutralization of Special Elements used in an Expression Language Statement (CWE-917)
2026-03-27 vmware GHSA-fvh3-672c-7p6c
Java RCE
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Re-analysis Queued
Apr 16, 2026 - 20:22 vuln.today
cvss_changed
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 27, 2026 - 05:30 euvd
EUVD-2026-16535
Analysis Generated
Mar 27, 2026 - 05:30 vuln.today
CVE Published
Mar 27, 2026 - 05:21 nvd
CRITICAL 9.8

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 162 maven packages depend on org.springframework.ai:spring-ai-vector-store (35 direct, 127 indirect)

Ecosystem-wide dependent count for version 1.0.0.

DescriptionCVE.org

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

Articles & Coverage 1

medium.com CVE-2026-22738: Unauthenticated RCE via SpEL Injection in Spring AI SimpleVectorStore

AnalysisAI

Spring AI versions 1.0.0 through 1.0.4 and 1.1.0 through 1.1.3 allow unauthenticated remote code execution through Spring Expression Language (SpEL) injection in the SimpleVectorStore component when user-supplied input is incorporated into filter expression keys. This critical vulnerability (CVSS 9.8) enables attackers to execute arbitrary code without authentication on applications using SimpleVectorStore with untrusted filter input. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious SpEL expression in user input
Exploit
Pass as filter expression key to SimpleVectorStore
Execution
SpEL parser evaluates injected code
Impact
Execute arbitrary code on server
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Requires Spring AI 1.0.0-1.0.4 or 1.1.0-1.1.3 with SimpleVectorStore enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This vulnerability represents critical real-world risk based on converging threat signals. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker identifies a Spring AI application that accepts search filters through an HTTP API endpoint and uses SimpleVectorStore for vector similarity operations. The attacker crafts a malicious HTTP request containing a SpEL expression payload in the filter parameter, such as a serialized Java object instantiation command or runtime execution directive. …
Remediation Upgrade Spring AI to version 1.0.5 or later for the 1.0.x series, or version 1.1.4 or later for the 1.1.x series as documented in the vendor security advisory at https://spring.io/security/cve-2026-22738. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all applications using Spring AI 1.0.0-1.0.4 or 1.1.0-1.1.3 and assess whether SimpleVectorStore processes untrusted user input in filter expressions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-28575 CRITICAL
10.0 Jun 17

Local denial of service in Android's PackageInstaller subsystem stems from a logic error in PackageInstallerSession.tran
CVE-2026-47835 HIGH
8.6 Jun 15

NoSQL/query injection in Spring AI Vector Stores (1.0.0-1.0.8 and 1.1.0-1.1.7) allows remote unauthenticated attackers t
CVE-2026-47825 HIGH
8.6 Jun 15

Origin validation failure in Spring Cloud Gateway (WebMVC and WebFlux Server variants) allows remote attackers to spoof

CVE-2026-41708 HIGH
7.5 Jun 15

Denial-of-service in Spring Cloud Sleuth 3.1.0 through 3.1.13 allows remote unauthenticated attackers to exhaust applica
CVE-2026-50196 HIGH
7.5 Jun 17

Denial of service in Steeltoe.Discovery.Eureka client (.NET) versions prior to 4.2.0 and 3.4.0 allows a remote Eureka re

Share

EUVD-2026-16535 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy