{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22743", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-01-09T06:54:49.675Z", "datePublished": "2026-03-27T05:33:20.872Z", "dateUpdated": "2026-03-27T05:33:20.872Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-03-27T05:33:20.872Z"}, "title": "Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore", "affected": [{"vendor": "Spring", "product": "Spring AI", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.0.5", "versionType": "custom"}, {"status": "affected", "version": "1.1.0", "lessThan": "1.1.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Spring AI's\u00a0spring-ai-neo4j-store\u00a0contains a Cypher injection vulnerability in\u00a0Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in\u00a0Neo4jVectorFilterExpressionConverter\u00a0of\u00a0spring-ai-neo4j-store,\u00a0doKey()\u00a0embeds the key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes, without escaping embedded backticks.This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Spring AI's&nbsp;<code>spring-ai-neo4j-store</code>&nbsp;contains a Cypher injection vulnerability in&nbsp;<code>Neo4jVectorFilterExpressionConverter</code>. When a user-controlled string is passed as a filter expression key in&nbsp;<code>Neo4jVectorFilterExpressionConverter</code>&nbsp;of&nbsp;<code>spring-ai-neo4j-store</code>,&nbsp;<code>doKey()</code>&nbsp;embeds the key into a backtick-delimited Cypher property accessor (<code>node.`metadata.`</code>) after stripping only double quotes, without escaping embedded backticks.<p>This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.</p>"}]}], "references": [{"url": "https://spring.io/security/cve-2026-22743"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Spring AI's\u00a0spring-ai-neo4j-store\u00a0contains a Cypher injection vulnerability in\u00a0Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in\u00a0Neo4jVectorFilterExpressionConverter\u00a0of\u00a0spring-ai-neo4j-store,\u00a0doKey()\u00a0embeds the key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes, without escaping embedded backticks.This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4."}], "id": "CVE-2026-22743", "lastModified": "2026-03-27T06:16:37.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2026-03-27T06:16:37.977", "references": [{"source": "security@vmware.com", "url": "https://spring.io/security/cve-2026-22743"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Received"}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T07:50:22.904328+00:00", "value": {"mitigation_remediation": ["Upgrade spring\u2011ai\u2011neo4j\u2011store to version 1.0.5 or later, or to 1.1.4 or later, which address the injection weakness."], "summary": {"action": "Immediate Patch", "impact": "Database Compromise via Cypher injection"}, "threat_synthesis": {"affected_systems": "Spring AI\u2019s spring\u2011ai\u2011neo4j\u2011store is affected from version 1.0.0 up to, but not including, 1.0.5, and from version 1.1.0 up to, but not including, 1.1.4. Users running any of these releases should verify whether the component is exposed to untrusted input and plan an update.", "description_and_impact": "The vulnerability is in Spring AI\u2019s spring\u2011ai\u2011neo4j\u2011store, where a user\u2011controlled key in Neo4jVectorFilterExpressionConverter is inserted into a backtick\u2011delimited Cypher property accessor without escaping backticks. This allows an attacker to inject arbitrary Cypher code, potentially reading, modifying, or deleting sensitive data within the Neo4j database, thereby jeopardizing the confidentiality, integrity, and availability of stored information.", "risk_and_exploitability": "A CVSS score of 7.5 indicates high severity. The exploit relies on crafted input containing backticks, which if the component processes data from unauthenticated users or privileged contexts, can be leveraged remotely. Although an EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, the high score and injection nature suggest significant risk if the system is publicly accessible."}}}}, "created": "2026-03-27T09:22:08.425026+00:00", "updated": "2026-03-27T09:22:08.425070+00:00", "vendors": [], "weaknesses": ["CWE-89"]}