Detections
Analytics

Spring AI 1.0.x < 1.0.5 / 1.1.x < 1.1.4 Multiple Vulnerabilities

critical Nessus Plugin ID 304267

Language:

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The version of Spring AI installed on the remote host is 1.0.x prior to 1.0.5 or 1.1.x prior to 1.1.4. It is, therefore, affected by multiple vulnerabilities, including:

 - A SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. (CVE-2026-22738)

 - A Server-Side Request Forgery (SSRF) vulnerability exists in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended destinations. (CVE-2026-22742)

 - A Cypher injection vulnerability exists in Neo4jVectorFilterExpressionConverter when a user-controlled string is passed as a filter expression key. (CVE-2026-22743)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Spring AI version 1.0.5 or 1.1.4 or later.

See Also

https://spring.io/security/cve-2026-22738

https://spring.io/security/cve-2026-22742

https://spring.io/security/cve-2026-22743

https://spring.io/security/cve-2026-22744

Plugin Details

Severity: Critical

ID: 304267

File Name: spring_ai_CVE-2026-22738.nasl

Version: 1.3

Type: Local

Agent: windows, macosx, unix

Family: Misc.

Published: 3/30/2026

Updated: 4/6/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-22738

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:spring:spring_ai

Required KB Items: installed_sw/Spring AI

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/26/2026

Vulnerability Publication Date: 3/26/2026

Reference Information

CVE: CVE-2026-22738, CVE-2026-22742, CVE-2026-22743, CVE-2026-22744