CVE-2026-22744
Published: 27 March 2026
Summary
CVE-2026-22744 is a high-severity an unspecified weakness vulnerability in Vmware Spring Ai. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the vulnerability by requiring validation and sanitization of user-controlled filter values before insertion into RediSearch TAG blocks, preventing injection.
Ensures timely patching of the Spring AI flaw through upgrades to versions 1.0.5+ or 1.1.4+ where inputs are properly escaped.
Enables detection of the vulnerable Spring AI versions via regular vulnerability scanning, facilitating remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote exploitation of public-facing Spring AI Redis component via unsanitized filter input leading to unauthorized data access.
NVD Description
In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters.This issue affects Spring AI: from 1.0.0 before 1.0.5,…
more
from 1.1.0 before 1.1.4.
Deeper analysisAI
CVE-2026-22744 is a vulnerability in the RedisFilterExpressionConverter component of spring-ai-redis-store, part of the Spring AI project. It occurs when a user-controlled string is passed as a filter value for a TAG field, as the stringValue() method inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping special characters. This flaw affects Spring AI versions from 1.0.0 before 1.0.5 and from 1.1.0 before 1.1.4. The issue has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no requirements for privileges or user interaction.
Remote, unauthenticated attackers can exploit this vulnerability by supplying a malicious filter value for a TAG field in Redis queries processed through the affected component. Successful exploitation allows attackers to manipulate RediSearch TAG blocks, potentially leading to unauthorized disclosure of sensitive information stored in the Redis database.
The Spring security advisory at https://spring.io/security/cve-2026-22744 recommends upgrading to Spring AI version 1.0.5 or later for the 1.0.x branch, or 1.1.4 or later for the 1.1.x branch, where the input is properly escaped to prevent injection. No workarounds are specified in the available information.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai, ai