{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22743", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-01-09T06:54:49.675Z", "datePublished": "2026-03-27T05:33:20.872Z", "dateUpdated": "2026-03-27T19:38:58.544Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-03-27T05:33:20.872Z"}, "title": "Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore", "affected": [{"vendor": "Spring", "product": "Spring AI", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.0.5", "versionType": "custom"}, {"status": "affected", "version": "1.1.0", "lessThan": "1.1.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Spring AI's\u00a0spring-ai-neo4j-store\u00a0contains a Cypher injection vulnerability in\u00a0Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in\u00a0Neo4jVectorFilterExpressionConverter\u00a0of\u00a0spring-ai-neo4j-store,\u00a0doKey()\u00a0embeds the key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes, without escaping embedded backticks.This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Spring AI's&nbsp;<code>spring-ai-neo4j-store</code>&nbsp;contains a Cypher injection vulnerability in&nbsp;<code>Neo4jVectorFilterExpressionConverter</code>. When a user-controlled string is passed as a filter expression key in&nbsp;<code>Neo4jVectorFilterExpressionConverter</code>&nbsp;of&nbsp;<code>spring-ai-neo4j-store</code>,&nbsp;<code>doKey()</code>&nbsp;embeds the key into a backtick-delimited Cypher property accessor (<code>node.`metadata.`</code>) after stripping only double quotes, without escaping embedded backticks.<p>This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.</p>"}]}], "references": [{"url": "https://spring.io/security/cve-2026-22743"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T19:38:40.716545Z", "id": "CVE-2026-22743", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:38:58.544Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22743", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T19:38:40.716545Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:38:54.694Z"}}], "cna": {"title": "Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Spring", "product": "Spring AI", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.0.5", "versionType": "custom"}, {"status": "affected", "version": "1.1.0", "lessThan": "1.1.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://spring.io/security/cve-2026-22743"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Spring AI's\u00a0spring-ai-neo4j-store\u00a0contains a Cypher injection vulnerability in\u00a0Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in\u00a0Neo4jVectorFilterExpressionConverter\u00a0of\u00a0spring-ai-neo4j-store,\u00a0doKey()\u00a0embeds the key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes, without escaping embedded backticks.This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.", "supportingMedia": [{"type": "text/html", "value": "Spring AI's&nbsp;<code>spring-ai-neo4j-store</code>&nbsp;contains a Cypher injection vulnerability in&nbsp;<code>Neo4jVectorFilterExpressionConverter</code>. When a user-controlled string is passed as a filter expression key in&nbsp;<code>Neo4jVectorFilterExpressionConverter</code>&nbsp;of&nbsp;<code>spring-ai-neo4j-store</code>,&nbsp;<code>doKey()</code>&nbsp;embeds the key into a backtick-delimited Cypher property accessor (<code>node.`metadata.`</code>) after stripping only double quotes, without escaping embedded backticks.<p>This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.</p>", "base64": false}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-03-27T05:33:20.872Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22743", "state": "PUBLISHED", "dateUpdated": "2026-03-27T19:38:58.544Z", "dateReserved": "2026-01-09T06:54:49.675Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2026-03-27T05:33:20.872Z", "assignerShortName": "vmware"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Spring AI's\u00a0spring-ai-neo4j-store\u00a0contains a Cypher injection vulnerability in\u00a0Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in\u00a0Neo4jVectorFilterExpressionConverter\u00a0of\u00a0spring-ai-neo4j-store,\u00a0doKey()\u00a0embeds the key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes, without escaping embedded backticks.This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4."}], "id": "CVE-2026-22743", "lastModified": "2026-03-30T13:26:29.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2026-03-27T06:16:37.977", "references": [{"source": "security@vmware.com", "url": "https://spring.io/security/cve-2026-22743"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,1.0.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.1.0,1.1.4)"}}], "enrichment": {"confidence": 90.0, "confidence_source": "matching", "scores": [{"score": 90.0, "source": "matching"}]}, "original": {"product": "Spring AI", "source": "cna", "vendor": "Spring"}, "product": "spring", "vendor": "spring"}], "analysis": {"en": {"generated_at": "2026-03-27T10:20:43.587103+00:00", "value": {"mitigation_remediation": ["Upgrade spring-ai-neo4j-store to version 1.0.5 or later, or 1.1.4 or later.", "If an upgrade is not immediately possible, restrict the characters allowed in filter expression keys by rejecting backticks and other special characters.", "Implement input validation or a whitelist of acceptable keys to prevent arbitrary Cypher construction.", "Monitor application logs for unexpected Cypher queries or error messages that may indicate an injection attempt."], "summary": {"action": "Immediate Patch", "impact": "Database code execution via Cypher injection"}, "threat_synthesis": {"affected_systems": "Affected versions are Spring AI spring\u2011ai\u2011neo4j\u2011store 1.0.0 through 1.0.4 and 1.1.0 through 1.1.3. Any deployment using these releases is vulnerable.", "description_and_impact": "Spring AI\u2019s spring\u2011ai\u2011neo4j\u2011store contains a Cypher injection flaw in the Neo4jVectorFilterExpressionConverter. When a filter expression key supplied by a user is inserted into a backtick\u2011delimited Cypher property accessor after stripping only double quotes, the resulting Cypher statement can include arbitrary code, allowing an attacker to read, modify, or delete data within the Neo4j database. The weakness corresponds to CWE\u201189 and leads to loss of confidentiality, integrity, and potentially availability if the attacker can disrupt the database.", "risk_and_exploitability": "The vulnerability carries a CVSS base score of 7.5, indicating high severity. An exploit would require the ability to supply a filter expression key, which may be available to authenticated users of the application or possibly unauthenticated users depending on how the component is exposed. No EPSS data is available and the vulnerability is not currently listed in the CISA KEV catalog, suggesting limited public exploitation to date, but the high score and injection nature warrant serious attention."}}}}, "created": "2026-03-27T09:22:08.425026+00:00", "updated": "2026-03-30T07:59:50.040036+00:00", "vendors": ["spring", "spring$PRODUCT$spring"]}