Platform
java
Component
org.springframework.ai:spring-ai-redis-store
Fixed in
1.0.5 (1.0.x branch)
1.1.4 (1.1.x branch)
CVE-2026-22744 describes a Redis filter expression injection vulnerability in the org.springframework.ai:spring-ai-redis-store component. User-controlled input used as a TAG filter value is placed into the RediSearch query string without escaping, so an attacker who controls that value can alter the query the vector store issues. Versions 1.0.0 through 1.0.4 and 1.1.0 before 1.1.4 are affected. Fixes are available in 1.0.5 for the 1.0.x branch and 1.1.4 for the 1.1.x branch.
An attacker exploiting this vulnerability crafts a filter value that closes the `{...}` TAG group and appends further query clauses, widening or negating the filter the application intended. The consequences supported by the flaw are unauthorized reads of documents outside the intended filter (for example across tenants where a metadata tag is the isolation boundary) and denial of service through deliberately expensive queries. The injection lands in the FT.SEARCH query string, not in a Redis command channel, so by itself it does not yield command execution on the Redis host; the query runs with the privileges of the Spring AI application's Redis connection, and the impact is bounded by what that connection can reach. This is particularly concerning where Spring AI stores sensitive data or where metadata filters enforce authorization, because the missing escaping lets an attacker bypass those filters.
This vulnerability was publicly disclosed on March 27, 2026. Currently there are no known public exploits or active campaigns targeting it, and it is not listed in the CISA KEV catalog at the time of writing. The practical impact depends on how filter values are sourced (whether any are attacker-controlled), on the RediSearch configuration, and on the sensitivity of the data stored in the Redis instance.
Exploit Status
EPSS: 0.04% (12th percentile)
The primary mitigation is to upgrade spring-ai-redis-store to 1.0.5 or later on the 1.0.x branch, or 1.1.4 or later on the 1.1.x branch. If upgrading immediately is not feasible, validate every user-provided filter value against a strict allowlist (for example alphanumerics and underscore only) before it reaches the RedisFilterExpressionConverter, and reject rather than sanitize anything else. Additionally, restrict network access to the Redis instance to trusted sources, use a Redis user whose ACL grants the application only the commands and key patterns it needs, and review the RediSearch configuration to minimize attack surface. Monitor Redis logs for unusual activity or unexpected queries. After upgrading, verify the fix by submitting a TAG filter value containing RediSearch metacharacters such as `}`, `|` and `@` and confirming that the generated query escapes them rather than treating them as syntax.
Update the Spring AI Redis Store library to version 1.0.5 or higher if you are using the 1.0.x branch, or to version 1.1.4 or higher if you are using the 1.1.x branch. This will correct the Redis filter expression injection vulnerability.
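As an added illustration, not code from Spring AI or its converter, the following Python models the RediSearch TAG filter syntax `@field:{value}` that the store builds, placing a naive interpolation (the flaw class described above) beside a backslash-escaping version, with the allowlist validator suggested as the interim workaround and a well-formedness check useful when verifying the upgrade. The field name, the payload and the conservative escape set (every character outside `[A-Za-z0-9_]`) are constructed assumptions for the example.

```python
import re

# Constructed, generic model of a RediSearch TAG filter (@field:{value}).
# This is illustration code, not Spring AI's RedisFilterExpressionConverter.

# Conservative escape policy (assumption): backslash-escape every character
# outside [A-Za-z0-9_]. This is a superset of the punctuation RediSearch
# requires escaping inside a TAG value, and escaping a character that did not
# strictly need it is harmless to the parser.
_SAFE_CHAR = re.compile(r"[A-Za-z0-9_]")


def naive_tag_filter(field: str, value: str) -> str:
    """Unescaped interpolation: the flaw class the advisory describes (do not use).
    The field name is assumed to come from application code, not from the user."""
    return f"@{field}:{{{value}}}"


def escape_tag_value(value: str) -> str:
    """Escape a user-supplied TAG value so it cannot terminate the {...} group."""
    return "".join(ch if _SAFE_CHAR.fullmatch(ch) else "\\" + ch for ch in value)


def safe_tag_filter(field: str, value: str) -> str:
    """Build the filter with the value escaped; structure is preserved."""
    return f"@{field}:{{{escape_tag_value(value)}}}"


# Interim workaround: reject anything outside an allowlist before the value
# reaches the filter converter. Adjust the pattern to your metadata (assumption).
_ALLOWED_TAG_VALUE = re.compile(r"[A-Za-z0-9_]{1,64}")


def is_allowed_tag_value(value: str) -> bool:
    """True only for values that contain no RediSearch metacharacters at all."""
    return _ALLOWED_TAG_VALUE.fullmatch(value) is not None


# Post-upgrade verification: a single TAG filter is well formed only if its body
# consists solely of safe characters or backslash-escaped characters, and nothing
# follows the closing brace.
_WELL_FORMED = re.compile(r"@[A-Za-z0-9_]+:\{(?:\\.|[A-Za-z0-9_])*\}", re.DOTALL)


def is_single_tag_filter(query: str) -> bool:
    """True when the generated query is still exactly one TAG clause."""
    return _WELL_FORMED.fullmatch(query) is not None


# Constructed payload: closes the tag group and ORs in a second tenant's documents.
INJECTION_PAYLOAD = "acme} | @tenant:{other"

if __name__ == "__main__":
    # Naive: the payload becomes two OR'd clauses; the tenant boundary is gone.
    print(naive_tag_filter("tenant", INJECTION_PAYLOAD))
    # Escaped: the whole payload is a literal tag value that matches nothing.
    print(safe_tag_filter("tenant", INJECTION_PAYLOAD))
```

Run it to see the two generated queries side by side; `is_single_tag_filter` is the assertion to drop into an integration test after upgrading, and `is_allowed_tag_value` is the gate to apply at the API boundary until you can.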
CVE-2026-22744 is a high-severity vulnerability in Spring AI Redis Store where unescaped user input in TAG filter values can alter the RediSearch query the vector store issues, bypassing the intended metadata filter.
You are affected if you are using Spring AI Redis Store versions 1.0.0 through 1.0.4 or 1.1.0 before 1.1.4.
Upgrade to spring-ai-redis-store 1.0.5 or later (1.0.x branch) or 1.1.4 or later (1.1.x branch). Until then, validate filter values against a strict allowlist as a temporary workaround.
There are currently no known public exploits or active campaigns targeting CVE-2026-22744.
Refer to the Spring AI project's official security advisories and release notes for details: [https://github.com/spring-ai/spring-ai/security/advisories](https://github.com/spring-ai/spring-ai/security/advisories)