JSONPath Injection Vulnerability in Spring AI's AbstractFilterExpressionConverter
CVE-2026-22729

8.6 HIGH

Key Information:

Vendor: VMware
Status: Vendor
CVE Published: 18 March 2026

What is CVE-2026-22729?

CVE-2026-22729 is a JSONPath injection vulnerability found in Spring AI's AbstractFilterExpressionConverter, developed by VMware. The vulnerability arises from the improper handling of user-controlled input when constructing JSONPath queries. Specifically, crafted filter expressions can be used by authenticated users to bypass metadata-based access controls, which are crucial for maintaining document security in multi-tenant environments. The failure to properly escape special characters in user inputs allows attackers to inject arbitrary JSONPath logic, potentially gaining unauthorized access to sensitive documents and information.

This vulnerability particularly affects applications that use vector stores extending AbstractFilterExpressionConverter for purposes such as role-based access control and document filtering. In such applications the flaw can lead to serious security breaches wherever protecting user data is paramount.
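The following is an added example, not code from Spring AI or VMware: a simplified, language-neutral model of a filter-expression converter that renders a metadata filter as a JSONPath predicate. It places the verbatim-concatenation defect described above beside a hardened builder that allow-lists the metadata key, escapes the value, and pins the tenant predicate to a server-side value. The filter syntax, function names and the sample inputs are constructed for illustration and do not reproduce Spring AI's actual API.

```python
"""Added example (not Spring AI code): unescaped concatenation into a JSONPath
filter literal versus a hardened, tenant-scoped builder."""
import re

# Constructed allow-list for metadata keys: bare identifiers only, so a key can
# never carry quotes, brackets or operators into the rendered expression.
_KEY_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def vulnerable_filter(key: str, value: str) -> str:
    """Vulnerable pattern: the user-controlled value is concatenated verbatim
    into the JSONPath string. A quote inside the value terminates the literal
    early, and whatever follows is parsed as JSONPath logic."""
    return f"$[?(@.metadata.{key} == '{value}')]"


def escape_jsonpath_literal(value: str) -> str:
    """Escape backslashes first, then single quotes, so the value stays inside
    one quoted literal regardless of its content."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def _predicate(key: str, value: str) -> str:
    """Render one equality predicate after validating the key and escaping the value."""
    if not _KEY_RE.fullmatch(key):
        raise ValueError(f"illegal metadata key: {key!r}")
    return f"@.metadata.{key} == '{escape_jsonpath_literal(value)}'"


def hardened_filter(key: str, value: str) -> str:
    """Hardened pattern: same shape as vulnerable_filter, but the key is
    allow-listed and the value is escaped before it is placed between quotes."""
    return f"$[?({_predicate(key, value)})]"


def tenant_scoped_filter(tenant_id: str, key: str, value: str) -> str:
    """Defence in depth for multi-tenant stores: the tenant predicate comes
    from the server-side session (tenant_id), never from the request body,
    and is ANDed with the caller's escaped filter so the caller cannot widen
    the scope of the query."""
    return f"$[?({_predicate('tenant', tenant_id)} && {_predicate(key, value)})]"


def count_unescaped_quotes(expr: str) -> int:
    """Cheap structural check for a single equality filter: count quote
    characters not preceded by a backslash. Exactly two means the value
    stayed inside its literal; more means it broke out."""
    count, i = 0, 0
    while i < len(expr):
        if expr[i] == "\\":
            i += 2  # skip the escape and the character it protects
            continue
        if expr[i] == "'":
            count += 1
        i += 1
    return count


def demo() -> dict:
    # Constructed sample input: a legitimate value that happens to contain a quote.
    value = "O'Brien"
    broken = vulnerable_filter("author", value)
    safe = hardened_filter("author", value)
    return {
        "vulnerable": broken,
        "vulnerable_quotes": count_unescaped_quotes(broken),
        "hardened": safe,
        "hardened_quotes": count_unescaped_quotes(safe),
        "scoped": tenant_scoped_filter("tenant-a", "category", "policy"),
    }


if __name__ == "__main__":
    for name, rendered in demo().items():
        print(f"{name}: {rendered}")
```

Which characters need escaping depends on the JSONPath engine behind the vector store, so in practice a structured filter builder or a parameterised query is preferable to any hand-rolled escaping; the point of the example is that the value must never be able to close its own literal, and that the tenant predicate must not be something the caller can supply.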

Potential impact of CVE-2026-22729

  1. Bypassing Access Controls: The vulnerability enables authenticated users to manipulate access controls, potentially allowing unauthorized access to sensitive data, which can lead to data leaks and privacy violations.

  2. Exploitation of Multi-Tenant Applications: For applications employing multi-tenant isolation, this flaw presents a significant risk as it can allow one tenant to access or influence data belonging to another tenant, undermining the isolation principles vital for application security.

  3. Alteration of Query Semantics: The injection of arbitrary JSONPath logic can alter expected query behavior, leading to unintended data exposure or modification, which can compromise data integrity and application reliability.

Affected Version(s)

Spring AI 1.0.x < 1.0.4

Spring AI 1.1.x < 1.1.3

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
