CVE-2026-22730
Published: 18 March 2026
Summary
CVE-2026-22730 is a high-severity SQL Injection (CWE-89) vulnerability in VMware Spring AI. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked in the 40.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under NLP and Transformers and falls in the Data-Related Vulnerabilities risk domain.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-22730 is a critical SQL injection vulnerability (CWE-89) in Spring AI's MariaDBFilterExpressionConverter, published on 2026-03-18T08:16:31.170. The issue arises from missing input sanitization, allowing attackers to bypass metadata-based access controls and execute arbitrary SQL commands. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability is exploitable over the network (AV:N) with low attack complexity (AC:L) by users possessing low privileges (PR:L), without requiring user interaction (UI:N) and without changing scope (S:U). Attackers can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) through arbitrary SQL execution.
Mitigation details are available in the official Spring advisory at https://spring.io/security/cve-2026-22730.
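As an added illustration of the bug class described above (hypothetical code written for this page, not Spring AI's MariaDBFilterExpressionConverter), a minimal metadata-filter-to-SQL converter is shown in its interpolating form beside a parameterised form; the filter shape, column name and JSON path are assumptions:

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical, simplified stand-in for a metadata filter converter.
// A filter is "key EQ value"; it is rendered as a WHERE clause over a
// JSON metadata column (MariaDB JSON_VALUE syntax, assumed here).
public class FilterSqlDemo {

    // Result of conversion: SQL text plus the values to bind separately.
    public record Rendered(String sql, List<Object> params) {}

    // Vulnerable pattern: the caller-supplied value is spliced into the SQL
    // text, so a value containing a quote changes the query's structure.
    static String renderUnsafe(String key, String value) {
        return "WHERE JSON_VALUE(metadata, '$." + key + "') = '" + value + "'";
    }

    // Hardened pattern: the key must appear in the SQL text, so it is checked
    // against a strict allow-list pattern; the value never becomes SQL text
    // at all, it is handed to the driver as a bind parameter.
    static Rendered renderSafe(String key, String value) {
        if (!key.matches("[A-Za-z_][A-Za-z0-9_]{0,63}")) {
            throw new IllegalArgumentException("illegal metadata key: " + key);
        }
        List<Object> params = new ArrayList<>();
        params.add(value);
        return new Rendered("WHERE JSON_VALUE(metadata, '$." + key + "') = ?", params);
    }

    public static void main(String[] args) {
        // Constructed sample: a tenant filter value that contains a quote.
        String tenant = "acme' OR '1'='1";
        // In the unsafe rendering the quote terminates the literal and the
        // remainder of the value is parsed by the database as SQL.
        System.out.println(renderUnsafe("tenant", tenant));
        // In the safe rendering the clause shape is fixed and the whole
        // string travels as a single bound value.
        Rendered r = renderSafe("tenant", tenant);
        System.out.println(r.sql() + "  params=" + r.params());
    }
}
```

The same two properties (identifiers allow-listed, values bound, never concatenated) are what a review of any filter-expression converter should verify.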
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12797
Vulnerability details
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.
- CWE(s): CWE-89 (SQL Injection)
AI Security Analysis
- AI Category: NLP and Transformers
- Risk Domain: Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
Why these techniques?
SQL injection in a Spring AI component directly enables remote exploitation of a public-facing application to execute arbitrary SQL.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly mitigates the SQL injection vulnerability by enforcing input validation and sanitization in the MariaDBFilterExpressionConverter to prevent arbitrary SQL execution.
- SI-2 (Flaw Remediation): requires identification, reporting, and correction of the specific SQL injection flaw in Spring AI's component, preventing exploitation once remediated.
- RA-5 (Vulnerability Monitoring and Scanning): scans for vulnerabilities like CVE-2026-22730, enabling detection and prioritized remediation of the missing input sanitization issue.