CVE-2026-22730 - Vulnerability Analysis
High
CVSS: 8.8
Last Updated: March 18, 2026
Spring AI MariaDBFilterExpressionConverter - SQL Injection
Published: March 18, 2026
Updated: March 18, 2026
Remote Exploitable
Overview
Spring AI's MariaDBFilterExpressionConverter contains a SQL injection vulnerability caused by missing input sanitization. It lets attackers bypass metadata-based access controls and execute arbitrary SQL commands. Exploitation requires crafted input.
Severity & Score
Severity: High
CVSS Score: 8.8
EPSS Score: 2.1% (Probability of exploitation in next 30 days)
Impact
Attackers can execute arbitrary SQL commands, bypassing access controls and compromising database integrity and confidentiality.
Mitigation
Update to the latest version with input sanitization fixes.
Social Media Activity (1 post)
/r/netsec
@_r_netsec
CVE-2026-22730: SQL Injection in Spring AI’s MariaDB Vector Store https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/
Details
- CVE ID: CVE-2026-22730
- Severity: High
- CVSS Score: 8.8
- Type: sql_injection
- Status: unconfirmed
- EPSS: 2.1%
- Social Posts: 1
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
2.1% (Probability of exploitation in the next 30 days)