Cyber Resilience

CVE-2026-22730

High

Published: 18 March 2026

Published
18 March 2026
Modified
01 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0052 40.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-22730 is a high-severity SQL Injection (CWE-89) vulnerability in Vmware Spring Ai. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as NLP and Transformers; in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-22730 is a critical SQL injection vulnerability (CWE-89) in Spring AI's MariaDBFilterExpressionConverter, published on 2026-03-18T08:16:31.170. The issue arises from missing input sanitization, allowing attackers to bypass metadata-based access controls and execute arbitrary SQL commands. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability is exploitable over the network (AV:N) with low attack complexity (AC:L) by users possessing low privileges (PR:L), without requiring user interaction (UI:N) and without changing scope (S:U). Attackers can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) through arbitrary SQL execution.

Mitigation details are available in the official Spring advisory at https://spring.io/security/cve-2026-22730.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.

CWE(s)

AI Security AnalysisAI

AI Category
NLP and Transformers
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection in Spring AI component directly enables remote exploitation of a public-facing application to execute arbitrary SQL.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22743Same product: Vmware Spring Ai
CVE-2026-40978Same product: Vmware Spring Ai
CVE-2026-41705Same product: Vmware Spring Ai
CVE-2026-22744Same product: Vmware Spring Ai
CVE-2026-40967Same product: Vmware Spring Ai
CVE-2026-22738Same product: Vmware Spring Ai
CVE-2026-22729Same product: Vmware Spring Ai
CVE-2026-22742Same product: Vmware Spring Ai
CVE-2026-41713Same product: Vmware Spring Ai
CVE-2026-41712Same product: Vmware Spring Ai

Affected Assets

vmware
spring ai
1.0.0 — 1.0.4 · 1.1.0 — 1.1.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the SQL injection vulnerability by enforcing input validation and sanitization in the MariaDBFilterExpressionConverter to prevent arbitrary SQL execution.

prevent

Requires identification, reporting, and correction of the specific SQL injection flaw in Spring AI's component, preventing exploitation post-remediation.

detectrespond

Scans for vulnerabilities like CVE-2026-22730, enabling detection and prioritized remediation to address the missing input sanitization issue.

References