
We are seeing reports of a SpEL injection vulnerability affecting SimpleVectorStore as of March 27, 2026. The vulnerability is tracked as CVE-2026-22738 and applies to Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4.

Evidence

According to News Source, the vulnerability carries a CVSS score of 9.8, which rates it as critical. It was discovered by security researchers on March 27, 2026, and the same source confirms that attackers can exploit user-supplied filter keys to execute arbitrary code.

Specifically, the flaw is unescaped SpEL expressions within SimpleVectorStore: a user-supplied filter key is not escaped before it is evaluated, so malicious input is interpreted as code and attackers can run arbitrary scripts on affected systems.

Who Should Be Concerned

CIOs, CISOs, COOs, and executives in mid-market and enterprise organizations that deploy Spring AI must address this issue. System administrators should monitor for unescaped filter keys. Regulators may impose penalties under regimes such as GDPR, HIPAA, and SEC rules if data is compromised.

Historical Context

Similar SpEL injection vulnerabilities were reported earlier in Spring AI versions 1.0.3 and 1.1.2; the threat actor has since moved on to target unescaped expressions across newer releases.

Detailed Impact Analysis

The impact potentially spans thousands of deployments worldwide. Once an attacker gains access, data at risk includes user credentials, sensitive documents, and application logs, and operational disruption could lead to downtime or unauthorized code execution. Given the severity, organizations should act urgently.

Immediate Actions Required

Patch SimpleVectorStore to version 1.0.5 or 1.1.4 and deploy the patch within 24 hours. Verify that filter key handling is secure by testing with controlled inputs. Alternative mitigations include disabling user-supplied filter keys and enforcing strict validation. After deployment, monitor logs for any anomalous code execution.
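As an added example (not Spring AI's code and not the vendor patch), the strict-validation mitigation above can be implemented as an allowlist gate that sits between request parameters and any vector-store filter the application builds; the class name and the set of allowed metadata keys are assumptions for illustration.

```java
import java.util.Set;
import java.util.regex.Pattern;

/**
 * Added example (not Spring AI code): an allowlist gate placed in front of any
 * vector-store filter built from request parameters, so that only known metadata
 * keys with a plain identifier shape ever reach the store's filter expression.
 */
public final class FilterKeyGuard {

    // Hypothetical: the metadata keys this application actually indexes.
    private static final Set<String> ALLOWED_KEYS = Set.of("tenant_id", "doc_type", "language");

    // Plain identifier only: letters, digits, underscore. Anything that could be
    // read as expression syntax (parentheses, quotes, dots, braces, spaces) fails.
    private static final Pattern IDENTIFIER = Pattern.compile("^[A-Za-z_][A-Za-z0-9_]{0,63}$");

    /** Returns the key unchanged if it is safe to use; throws otherwise. */
    public static String requireSafeKey(String userKey) {
        if (userKey == null || !IDENTIFIER.matcher(userKey).matches()) {
            throw new IllegalArgumentException("filter key rejected: not a plain identifier");
        }
        if (!ALLOWED_KEYS.contains(userKey)) {
            throw new IllegalArgumentException("filter key rejected: not in allowlist");
        }
        return userKey;
    }

    /** Convenience for callers that prefer a boolean check over an exception. */
    public static boolean isSafeKey(String userKey) {
        try {
            requireSafeKey(userKey);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    /** Controlled-input check, as the advisory recommends: one good key, several bad shapes. */
    public static void main(String[] args) {
        String[] probes = {"doc_type", "unknown_key", "doc_type)", "doc type", "doc_type.name", ""};
        for (String p : probes) {
            System.out.printf("%-16s -> %s%n", "\"" + p + "\"", isSafeKey(p) ? "accepted" : "rejected");
        }
    }
}
```

Only the first probe is accepted; the others are rejected before any filter expression is constructed, which is the property to confirm when testing filter key handling with controlled inputs.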

Additional Resources

Vendor advisories are available at News Source. CISA/CERT alerts can be consulted via their official sites.

Sources

News Source