CVE-2026-22730

High CVSS: 8.8

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands.

The vulnerability exists due to missing input sanitization.

Vendor

Vmware

Product

Spring Ai

CWE

CWE-89

Yayın Tarihi

2026-03-18 08:16:31

Güncelleme

2026-04-01 16:52:48

Source Identifier

security@vmware.com

KEV Date Added

Kategoriler

CWE-89 Spring Ai HIGH Vmware 2026

Referanslar

https://spring.io/security/cve-2026-22730

Benzer Kayıtlar

High

CVE-2026-22729

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass…

Medium

CVE-2026-22721

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to ac…

High

CVE-2026-22720

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create…

High

CVE-2026-22719

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this is…

High

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with…

High

CVE-2025-41231

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Fo…