CVE ID :CVE-2026-22743 Published : March 27, 2026, 6:16 a.m. | 1 hour, 21 minutes ago Description :Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey() embeds the key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes, without escaping embedded backticks.This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...