Primary

Context

Spring AI SQL Injection Vulnerability in MariaDBFilterExpressionConverter

Vulnerability

A critical SQL injection vulnerability has been identified in Spring AI's MariaDBFilterExpressionConverter. This vulnerability allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The issue arises from inadequate input sanitization.

Impact

Exploitation of this vulnerability allows for arbitrary SQL command execution, potentially leading to unauthorized data access or manipulation.

Remediation

Users of Spring AI versions 1.0.x should upgrade to 1.0.4, and users of versions 1.1.x should upgrade to 1.1.3.

Added: Mar 18, 2026, 8:22 AM

Updated: Mar 18, 2026, 8:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

6.2

remediation

0.0

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

6.2

remediation

0.0

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Spring AI SQL Injection Vulnerability in MariaDBFilterExpressionConverter

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating