Cantina Case Study: How Apex found a high-severity bug in Spring AI

Here is how Apex caught CVE-2026-22743.
On March 27, 2026, a high-severity vulnerability designated as CVE-2026-22743 was published. The vulnerability affects the spring-ai-neo4j-store component of Spring AI, specifically impacting versions 1.0.0 through 1.0.4, and 1.1.0 through 1.1.3. With a CVSS v3.1 score of 7.5, the flaw enables unauthenticated, remote Cypher injection, posing a significant risk to data confidentiality in applications that integrate Spring AI with Neo4j graph databases.
The Threat
The core issue resides in the Neo4jVectorFilterExpressionConverter class.
When a user-supplied string is passed as a filter expression key, the implementation embeds this string into a Cypher query property accessor quoted with backticks (e.g., node.metadata.`<key>`, where <key> is the user-supplied string). While the code strips double quotes from the input, it does not escape embedded backticks.
Attack Vector & Impact:
- Execution: An attacker can input a string containing a backtick to break out of the intended property accessor and inject arbitrary Cypher database commands.
- Exploitability: The vulnerability is remotely exploitable. It requires no authentication and no user interaction (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
- Consequences: Attackers can manipulate the query logic executed against the Neo4j database. While they cannot delete or modify data, they can bypass intended filters and access controls to exfiltrate highly confidential metadata, leading to privacy violations and intellectual property exposure.
The Mitigation
Traditional remediation for CVE-2026-22743 requires a multi-step manual process to secure the application and its data:
- Version Upgrade: Update the affected Spring AI dependencies to patched versions (1.0.5 or 1.1.4).
- Code Modification: Manually rewrite the Neo4jVectorFilterExpressionConverter logic to properly escape backticks before embedding keys into queries.
- Input Validation: Implement strict input sanitization on all user-controlled filter expression keys across the application to reject special characters.
- Network Defenses: Deploy Web Application Firewalls (WAFs) or database query firewalls configured to detect anomalous Cypher injection patterns.
- Access Restriction: Limit the network exposure of Neo4j instances to trusted services only.
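The following is an added illustration, not Spring AI's own code nor the patch Apex generated: it contrasts the weak quoting described in "The Threat" (only double quotes removed) with the two code-level mitigations listed above, escaping backticks the way Cypher expects inside a backtick-quoted identifier (a literal backtick is written as two backticks) and an allowlist check on keys. The class name, method names, the `node.metadata.` prefix and the sample key `a`b` are assumptions chosen for the example. The `identifierStaysQuoted` check is a reviewer's aid for confirming that a generated accessor never contains a lone backtick that would end the identifier early.

```java
import java.util.regex.Pattern;

/**
 * Illustrative builder for a Cypher property accessor of the form node.metadata.`<key>`.
 * Not Spring AI's converter; names and prefix are assumptions for this example.
 */
public final class CypherKeyQuoting {

    /** Allowlist: a plain identifier, nothing else. */
    private static final Pattern SAFE_KEY = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    private static final String PREFIX = "node.metadata.`";

    /** Mirrors the weak behaviour the advisory describes: only double quotes are removed. */
    static String vulnerableAccessor(String key) {
        String cleaned = key.replace("\"", "");
        return PREFIX + cleaned + "`";
    }

    /** Hardened: Cypher escapes a backtick inside a backtick-quoted identifier by doubling it. */
    static String hardenedAccessor(String key) {
        String escaped = key.replace("`", "``");
        return PREFIX + escaped + "`";
    }

    /** Defense in depth: reject any key that is not a plain identifier before it reaches the converter. */
    static boolean isAllowedKey(String key) {
        return key != null && SAFE_KEY.matcher(key).matches();
    }

    /**
     * Review check: true only if the accessor starts with the expected prefix, ends with the
     * closing backtick, and every backtick inside the quoted span is doubled (i.e. escaped).
     * A lone backtick means the identifier would be terminated early.
     */
    static boolean identifierStaysQuoted(String accessor) {
        if (!accessor.startsWith(PREFIX) || !accessor.endsWith("`")) {
            return false;
        }
        String body = accessor.substring(PREFIX.length(), accessor.length() - 1);
        for (int i = 0; i < body.length(); i++) {
            if (body.charAt(i) == '`') {
                if (i + 1 < body.length() && body.charAt(i + 1) == '`') {
                    i++; // consume the escaped pair
                } else {
                    return false; // lone backtick: quoting broken
                }
            }
        }
        return true;
    }

    public static void main(String[] args) {
        String benign = "category";
        String hostile = "a`b"; // constructed sample: a key that merely contains one backtick

        System.out.println("allowlist  benign : " + isAllowedKey(benign));   // true
        System.out.println("allowlist  hostile: " + isAllowedKey(hostile));  // false

        String weak = vulnerableAccessor(hostile);
        String safe = hardenedAccessor(hostile);
        System.out.println("vulnerable: " + weak + " -> quoted intact? " + identifierStaysQuoted(weak)); // false
        System.out.println("hardened  : " + safe + " -> quoted intact? " + identifierStaysQuoted(safe)); // true
    }
}
```

Escaping makes the accessor correct for any key, while the allowlist keeps unexpected characters out of the query path entirely; the check method is useful in a unit test that runs the converter over keys containing backticks and asserts the output stays quoted.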
How Apex Caught It
Cantina’s Apex identified this vulnerability through its contextual codebase analysis capabilities.
Instead of relying on rigid, pre-defined signature rules, Apex mapped the data flow from the application's external inputs down to the spring-ai-neo4j-store dependency. During its scan, Apex flagged the doKey() function within the Neo4jVectorFilterExpressionConverter. The agent recognized that stripping only double quotes does not sanitize a value that is embedded inside a backtick-quoted identifier.
Apex validated the exploit path, confirming that a user payload could traverse to the Neo4j database unaltered. Upon verifying the risk, Apex autonomously generated the exact code patch required to escape the backticks, created a Pull Request, and applied the fix to the repository, closing the vulnerability before manual triage was necessary.
How Apex operates:
Apex is an agentic application security solution designed to integrate into the development lifecycle. It operates autonomously to identify, validate, and remediate codebase vulnerabilities.
- Full Contextual Coverage: Apex ingests and analyzes the entire codebase, including custom code, APIs, and third-party dependencies. It maps execution paths to understand how different components interact.
- Accurate Risk Identification: By validating execution paths, Apex differentiates between theoretical vulnerabilities and genuinely exploitable flaws, significantly reducing false-positive alert generation.
- Autonomous Remediation: Upon detecting a verified vulnerability, Apex generates the necessary remediation code and submits a Pull Request directly to the repository for review or auto-merging.
- Continuous Pipeline Protection: The agent scans every commit, pull request, and deployment in real time, ensuring that security analysis runs continuously throughout the software development lifecycle.
Secure your codebase at the speed of modern development. Get a demo of Apex today to see how autonomous application security works in practice.