LeakyCreds

CVE-2026-22730 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 18, 2026

Spring AI MariaDBFilterExpressionConverter - SQL Injection

Published: March 18, 2026 | Updated: March 18, 2026 | Remote Exploitable

Overview

Spring AI MariaDBFilterExpressionConverter contains a SQL injection vulnerability caused by missing input sanitization. It lets attackers bypass metadata-based access controls and execute arbitrary SQL commands. Exploitation requires crafted input.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 1.6% (Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary SQL commands, bypassing access controls and compromising database integrity and confidentiality.

Mitigation

Update to the latest version with input sanitization fixes.

Social Media Activity (1 post)

CyberVeille.ch
@cyberveille
Mar 23, 2026

📢 CVE-2026-22730: SQL injection in Spring AI MariaDB allowing an access control bypass 📝 ## 🔍 Context Published on March 19, 2026 by SecureLayer7 (Sandeep Kamble, Bugdazz tool /... 📖 cyberveille: https://cyberveille.ch/posts/2026-03-22-cve-2026-22730-injection-sql-dans-spring-ai-mariadb-permettant-un-contournement-du-controle-d-acces/ 🌐 source: https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/ #Bugdazz #CVE_2026_22730 #Cyberveille


Details

CVE ID: CVE-2026-22730
Severity: High
CVSS Score: 8.8
Type: sql_injection
Status: unconfirmed
EPSS: 1.6%
Social Posts: 1

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.6% (Probability of exploitation in the next 30 days)