LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-22738

CVE-2026-22738 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 27, 2026

Spring AI - Template Injection

Published: March 27, 2026Updated: March 27, 2026Remote Exploitable

Overview

Spring AI 1.0.0 < 1.0.5 and 1.1.0 < 1.1.4 contain a template injection caused by user-supplied values used as filter expression keys in SimpleVectorStore, letting attackers execute arbitrary code, exploit requires user input as filter key.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary code remotely, potentially leading to full system compromise.

Mitigation

Upgrade to versions 1.0.5 or 1.1.4 or later.

References

Social Media Activity(2 posts)

Offensive Sequence
Offensive Sequence
@offseq
Mar 27, 2026

🚨 CRITICAL: CVE-2026-22738 in Spring AI SimpleVectorStore allows unauth RCE via SpEL injection (1.0.0 – 1.0.4, 1.1.0 – 1.1.3). Patch to 1.0.5/1.1.4 when released. Validate input now! https://radar.offseq.com/threat/cve-2026-22738-vulnerability-in-spring-spring-ai-473dec2d #OffSeq #SpringAI #infosec #CVE202622738

View original post
Offensive Sequence
Offensive Sequence
@offseq
Mar 27, 2026

🚨 CRITICAL: CVE-2026-22738 in Spring AI SimpleVectorStore allows unauth RCE via SpEL injection (1.0.0 – 1.0.4, 1.1.0 – 1.1.3). Patch to 1.0.5/1.1.4 when released. Validate input now! https://radar.offseq.com/threat/cve-2026-22738-vulnerability-in-spring-spring-ai-473dec2d #OffSeq #SpringAI #infosec #CVE202622738

View original post

Related Resources

Details

CVE ID
CVE-2026-22738
Severity
Critical
CVSS Score
9.8
Type
template_injection
Status
new
EPSS
0.0%
Social Posts
2

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days