CVE-2026-22730

Summary

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands.

The vulnerability exists due to missing input sanitization.

Affected Software

VendorProductVersion RangeStatus
VMwareSpring AI1.0.x < 1.0.4affected
VMwareSpring AI1.1.x < 1.1.3affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References