
Cyber Centre Daily Advisory Digest — 2026-03-17 (2 advisories)

The Canadian Centre for Cyber Security released a daily digest highlighting critical vulnerabilities in Spring AI, including SQL and JSONPath injections, as well as unspecified vulnerabilities in GitHub Enterprise Server. Organizations utilizing these products are advised to apply the latest security patches to mitigate potential exploitation risks.

Sens: 24h | Conf: high | Analyzed: 2026-03-19 | reports

Authors: Canadian Centre for Cyber Security

Source: Canadian Centre for Cyber Security

Key Takeaways

  • Spring AI is vulnerable to SQL Injection (CVE-2026-22730) and JSONPath Injection (CVE-2026-22729) in versions prior to 1.0.4 and 1.1.3.
  • GitHub Enterprise Server has multiple vulnerabilities addressed in recent patches across the 3.16.x to 3.19.x branches.
  • Administrators are strongly encouraged to apply the necessary vendor updates immediately to mitigate exploitation risks.

Affected Systems

  • Spring AI 1.0.x prior to 1.0.4
  • Spring AI 1.1.x prior to 1.1.3
  • GitHub Enterprise Server 3.19.x prior to 3.19.4
  • GitHub Enterprise Server 3.18.x prior to 3.18.7
  • GitHub Enterprise Server 3.17.x prior to 3.17.13
  • GitHub Enterprise Server 3.16.x prior to 3.16.16

Vulnerabilities (CVEs)

  • CVE-2026-22730
  • CVE-2026-22729

Detection Availability

  • YARA Rules: No
  • Sigma Rules: No
  • Snort/Suricata Rules: No
  • KQL Queries: No
  • Splunk SPL Queries: No
  • EQL Queries: No
  • Other Detection Logic: No

No detection rules or queries are provided in the advisory.

Detection Engineering Assessment

  • EDR Visibility: Low — EDR typically does not have deep visibility into application-level SQL or JSONPath injections without specific web server integrations or post-exploitation activity.
  • Network Visibility: Medium — WAFs and network IDS/IPS may detect SQL injection or JSONPath injection payloads in transit if SSL/TLS inspection is enabled.
  • Detection Difficulty: Moderate — Detecting specific exploitation requires application-layer logging and WAF rules tuned for SQLi and JSONPath injection targeting Spring AI endpoints.

Required Log Sources

  • Web Application Firewall (WAF) logs
  • Application audit logs
  • Database query logs

Hunting Hypotheses

  • Hypothesis: Search WAF and web access logs for anomalous SQL syntax or JSONPath expressions targeting Spring AI endpoints.
  • Telemetry: WAF logs, Web server access logs
  • ATT&CK Stage: Initial Access
  • FP Risk: Medium

Control Gaps

  • Lack of WAF inspection on internal API traffic
  • Insufficient database query logging

Key Behavioral Indicators

  • Unexpected SQL syntax in web requests
  • Anomalous JSONPath queries in API payloads

False Positive Assessment

  • Low

Recommendations

Immediate Mitigation

  • Update Spring AI to versions 1.0.4 or 1.1.3.
  • Update GitHub Enterprise Server to versions 3.19.4, 3.18.7, 3.17.13, or 3.16.16.

Infrastructure Hardening

  • Ensure Web Application Firewall (WAF) rules are updated to detect SQL injection and JSONPath injection attempts.

User Protection

  • N/A

Security Awareness

  • Monitor vendor security advisories for Spring and GitHub to stay informed of emerging vulnerabilities.

MITRE ATT&CK Mapping

  • T1190 - Exploit Public-Facing Application