🔐 CVE Alert

CVE-2026-22744

HIGH 7.5
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
9th

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters.This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

Vendor spring
Product spring ai
Ecosystems
Industries
TechnologyEnterprise
Published Mar 27, 2026
Last Updated Mar 27, 2026
Stay Ahead of the Next One

Get instant alerts for spring spring ai

Be the first to know when new high vulnerabilities affecting spring spring ai are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

Spring / Spring AI
1.0.0 < 1.0.5 1.1.0 < 1.1.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗
spring.io: https://spring.io/security/cve-2026-22744