Merged
22 changes: 18 additions & 4 deletions src/pentesting-web/sql-injection/README.md
Expand Up @@ -652,6 +652,23 @@ Mitigations:
- Never concatenate identifiers from user input. Map allowed column names to a fixed allow-list and quote identifiers properly.
- If dynamic table access is required, restrict to a finite set and resolve server-side from a safe mapping.


### SQLi via AST/filter-to-SQL converters (JSON_VALUE predicates)

Some frameworks **convert structured filter ASTs into raw SQL boolean fragments** (e.g., metadata filters or JSON predicates) and then **string-concatenate** those fragments into larger queries. If the converter **wraps string values as `'%s'` without escaping**, a single quote in user input terminates the literal and the rest is parsed as SQL.

Example pattern (conceptual):

```sql
JSON_VALUE(metadata, '$.department') = '<user_value>'
```

Payload (URL-encoded): `%27%20OR%20%271%27%3D%271` → decoded: `' OR '1'='1` → predicate becomes:

```sql
JSON_VALUE(metadata, '$.department') = '' OR '1'='1'
```

### ORDER BY / identifier-based SQLi (PDO limitation)

Prepared statements **cannot bind identifiers** (column or table names). A common unsafe pattern is to take a user-controlled `sort` parameter and build `ORDER BY` using string concatenation, sometimes wrapping the input in backticks to “sanitize” it. This still enables SQLi because the identifier context is attacker-controlled.
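Review bot: the new "SQLi via AST/filter-to-SQL converters" subsection stops at the decoded predicate and gives no mitigation, while every sibling section on this page ends with a "Mitigation(s):" list; add one stating that converters must bind string values as query parameters (or at minimum apply the driver's escaping) rather than formatting them into `'%s'`, and that filter keys such as `$.department` should be validated against an allow-list since they are also interpolated. The section would also benefit from a pointer to the source it is based on, since the matching reference is only added at the bottom of the file. Minor: lines 25-26 leave two consecutive blank lines before the `###` heading, which the rest of the file does not do.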
Expand All @@ -670,10 +687,6 @@ Signals in traffic:
- Sort parameter in **POST** (often `sort=column`), not a fixed allow-list.
- Changing `sort` breaks the query or alters output ordering.

Mitigation:

- Map user input to a **fixed allow-list** of column names and only interpolate mapped identifiers.
- Never rely on backticks as “sanitization” for identifiers.

### WAF bypass suggester tools

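Review bot: deleting the "Mitigation:" list here leaves the "ORDER BY / identifier-based SQLi (PDO limitation)" section with "Signals in traffic" but no remediation, and the removed bullet "Never rely on backticks as 'sanitization' for identifiers" is not covered by the earlier "Mitigations:" list shown in the first hunk, which says "quote identifiers properly" and could be read as the opposite advice. Either keep the two bullets in this section or merge the backtick warning into the earlier list so the allow-list guidance appears once and the backtick caveat is not lost. The deletion also leaves back-to-back blank lines (the ones before and after the removed block) ahead of `### WAF bypass suggester tools`; collapse them to one.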
Expand All @@ -697,6 +710,7 @@ https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/sqli.txt
## References

- [https://blog.sicuranext.com/vtenext-25-02-a-three-way-path-to-rce/](https://blog.sicuranext.com/vtenext-25-02-a-three-way-path-to-rce/)
- [https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/](https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/)
- [HTB: Gavel](https://0xdf.gitlab.io/2026/03/14/htb-gavel.html)

{{#include ../../banners/hacktricks-training.md}}
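Review bot: the added reference for CVE-2026-22730 is not cited from the body text, so a reader of the new JSON_VALUE subsection has no way to tell that this is its source; link it from that subsection or at least name the CVE there. The entry itself matches the bare-URL style of the first reference, so no change is needed to its formatting.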