PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22738 VMware CVE debrief

CVE-2026-22738 is a critical Spring AI vulnerability in SimpleVectorStore. If an application uses user-supplied input as a filter expression key, a malicious actor may be able to trigger SpEL injection and execute arbitrary code. NVD lists this as CVSS 9.8, with network attack vector, no privileges required, and no user interaction.

Vendor: VMware
Product: CVE-2026-22738
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-27
Original CVE updated: 2026-05-10
Advisory published: 2026-03-27
Advisory updated: 2026-05-10

Who should care

Teams running Spring AI applications that use SimpleVectorStore, especially any code paths that accept user-controlled values for filter expression keys. Security owners, platform teams, and developers maintaining AI-integrated Java services should prioritize review.

Technical summary

The issue is a SpEL injection flaw in SimpleVectorStore. According to the CVE description, exploitation is only relevant when user-supplied values are passed as a filter expression key. NVD lists the affected Spring AI versions as 1.0.0 up to but not including 1.0.5, and 1.1.0 up to but not including 1.1.4. The NVD CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, consistent with remote code execution impact.

Defensive priority

Highest. The combination of remote reachability, no authentication requirement, and potential arbitrary code execution makes this a priority patch and code-review item for exposed Spring AI deployments.

Recommended defensive actions

  • Upgrade Spring AI to a non-affected release: 1.0.5 or later in the 1.0 line, or 1.1.4 or later in the 1.1 line.
  • Audit all SimpleVectorStore usage for any path where user input can reach a filter expression key.
  • Treat any dynamic expression construction as high risk; replace user-controlled expression keys with fixed allowlisted keys or structured parameters.
  • Review logs, telemetry, and request paths for unexpected use of filter expressions in Spring AI components.
  • Validate the vendor advisory and NVD record against your deployed Spring AI version before and after remediation.
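The following is an added example, not code from Spring AI or from the advisory, illustrating the second and third actions above: the vulnerable pattern, in which a caller-controlled field name becomes the filter expression key, beside a hardened version that resolves user-facing names through a fixed allowlist and returns a structured key/value pair. The allowlist contents are constructed for this example, and the consumer of the structured result (Spring AI's FilterExpressionBuilder) is assumed rather than shown.

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

// Added example (not Spring AI project code): vulnerable pattern beside a
// hardened one. The application, not the caller, decides which metadata
// keys may ever appear in a filter expression.
public final class FilterKeyAllowlist {

    // Structured result to hand to the vector store's filter builder
    // (in Spring AI, FilterExpressionBuilder#eq is the assumed consumer).
    public record FilterParam(String key, String value) {}

    // VULNERABLE: the caller's field name is spliced into expression text,
    // so whatever arrives is evaluated as part of the filter expression.
    static String buildFilterUnsafe(String userField, String value) {
        return userField + " == '" + value + "'";
    }

    // User-facing names -> fixed metadata keys. Constructed for this example.
    private static final Map<String, String> ALLOWED_KEYS = Map.of(
            "author", "author",
            "year", "publication_year",
            "source", "source_system");

    // Values are constrained literals; they never become expression syntax.
    private static final Pattern SAFE_VALUE = Pattern.compile("^[A-Za-z0-9 _.-]{1,64}$");

    // HARDENED: unknown keys or malformed values are rejected, not sanitized,
    // and the result is a structured parameter rather than expression text.
    static Optional<FilterParam> resolveFilter(String userField, String value) {
        String key = ALLOWED_KEYS.get(userField);
        if (key == null || value == null || !SAFE_VALUE.matcher(value).matches()) {
            return Optional.empty();
        }
        return Optional.of(new FilterParam(key, value));
    }

    public static void main(String[] args) {
        // A field name the application never defined still reaches the
        // expression on the unsafe path but is refused on the hardened one.
        String oddField = "unexpected_field";
        System.out.println("unsafe: " + buildFilterUnsafe(oddField, "doe"));
        System.out.println("safe:   " + resolveFilter(oddField, "doe"));
        System.out.println("safe:   " + resolveFilter("author", "doe"));
    }
}
```

Rejected requests on the hardened path are a useful telemetry signal for the log review recommended above, since a legitimate client never sends a field name outside the allowlist.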

Evidence notes

This debrief is based only on the supplied CVE record, NVD metadata, and the linked vendor advisory reference. The key facts used are: the vulnerability class is SpEL injection in SimpleVectorStore; only applications using user-supplied filter expression keys are affected; affected versions are 1.0.0 before 1.0.5 and 1.1.0 before 1.1.4; and NVD rates the issue with a CVSS 3.1 base score of 9.8 and vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The published date used for timing context is 2026-03-27, with the NVD record last modified on 2026-05-10.

Official resources

Public disclosure date: 2026-03-27T06:16:37.663Z. NVD record last modified: 2026-05-10T14:16:48.133Z.