CVE-2026-22743— Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey() embeds the key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes, without escaping embedded backticks.This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

N/A

VMware Spring AI 安全漏洞

VMware Spring AI是美国威睿（VMware）公司的一个在Spring生态中集成人工智能与大语言模型能力的开发框架。 VMware Spring AI 1.0.5之前版本和1.1.4之前版本存在安全漏洞，该漏洞源于Neo4jVectorFilterExpressionConverter对用户控制的字符串处理不当，可能导致Cypher注入攻击。

N/A

N/A