CVE-2026-22743
Published 2026-03-27
Priority: P3 · 44 · Severity: high · CVSS 3.1 base score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.25% (16.2th percentile)
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey() embeds the key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes, without escaping embedded backticks. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.
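The following is an added illustration, not code from Spring AI: a reconstruction of the defect shape the advisory describes (a key quoted only by stripping double quotes) beside two hardened forms, with a small check a reviewer can use to confirm a rendered accessor is still one quoted property name. The method names, the `node.`metadata.` prefix and the sample key are assumptions taken from or constructed around the advisory text.

```java
import java.util.regex.Pattern;

public class CypherKeyQuoting {

    // Hypothetical reconstruction of the vulnerable pattern (not Spring AI's source):
    // only double quotes are removed, so a backtick inside the key closes the
    // backtick-quoted property name early and the remainder lands in the query.
    static String vulnerableDoKey(String key) {
        return "node.`metadata." + key.replace("\"", "") + "`";
    }

    // Hardened form: Cypher escapes a backtick inside a backtick-quoted identifier
    // by doubling it, so the key can never terminate the quoting.
    static String escapedDoKey(String key) {
        return "node.`metadata." + key.replace("`", "``") + "`";
    }

    // Defence in depth: metadata keys in a filter expression are plain identifiers,
    // so reject anything else before it is ever rendered into Cypher.
    private static final Pattern SAFE_KEY = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    static String allowlistedDoKey(String key) {
        if (!SAFE_KEY.matcher(key).matches()) {
            throw new IllegalArgumentException("invalid metadata key: " + key);
        }
        return "node.`metadata." + key + "`";
    }

    // Review check: after collapsing doubled (escaped) backticks, no backtick may
    // remain between the opening and closing delimiters of the accessor.
    static boolean isSingleAccessor(String rendered) {
        String inner = rendered.substring("node.`".length(), rendered.length() - 1);
        return !inner.replace("``", "").contains("`");
    }

    public static void main(String[] args) {
        String benign = "author";
        String withBacktick = "a`b"; // constructed sample key containing a backtick

        System.out.println(vulnerableDoKey(benign) + " -> " + isSingleAccessor(vulnerableDoKey(benign)));          // true
        System.out.println(vulnerableDoKey(withBacktick) + " -> " + isSingleAccessor(vulnerableDoKey(withBacktick))); // false: quoting broken
        System.out.println(escapedDoKey(withBacktick) + " -> " + isSingleAccessor(escapedDoKey(withBacktick)));     // true: backtick escaped
        try {
            allowlistedDoKey(withBacktick);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```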
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spring | spring_ai | >= 1.0.0 < 1.0.5 | 1.0.5 |
| spring | spring_ai | >= 1.1.0 < 1.1.4 | 1.1.4 |
| vmware | spring_ai | >= 1.0.0 < 1.0.5 | 1.0.5 |
| vmware | spring_ai | >= 1.1.0 < 1.1.4 | 1.1.4 |
OSV · 2026-03-27
CVE-2026-22743 [HIGH] Spring AI has a Cypher Injection vulnerability in Neo4jVectorFilterExpressionConverter
GHSA · 2026-03-27
CVE-2026-22743 [HIGH] CWE-89 Spring AI has a Cypher Injection vulnerability in Neo4jVectorFilterExpressionConverter
No detection rules found.
No public exploits indexed.
Published: 2026-03-27