CVE-2026-22744

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters.This issue affects Spring AI: from 1.0.0 before 1.0....

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview @langchain/langgraph-checkpoint-redis is a Redis checkpoint and store implementation for LangGraph Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the list method in the RedisSaver an...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview @langchain/langgraph-checkpoint-mongodb is a LangGraph Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the list method in the RedisSaver and ShallowRedisSaver classes when...

RediSearch Query Injection in @langchain/langgraph-checkpoint-redis

Summary A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch queries by directly interpolating user-provided filter keys and values without proper escaping. RediSearch has...