Description

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents. This vulnerability affects applications using vector stores that extend AbstractFilterExpressionConverter for multi-tenant isolation, role-based access control, or document filtering based on metadata. The vulnerability occurs when user-supplied values in filter expressions are not escaped before being inserted into JSONPath queries. Special characters like ", ||, and && are passed through unescaped, allowing injection of arbitrary JSONPath logic that can alter the intended query semantics.

INFO

Published Date :

2026-03-18T07:39:56.739Z

Last Modified :

2026-03-18T15:35:10.685Z

Source :

vmware
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22729 vulnerability.

Vendors Products
Vmware
  • Spring
  • Spring Ai
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22729.

URL Resource
https://spring.io/security/cve-2026-22729 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact