CVE-2026-47835
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk37th percentile — higher than 37% of all known CVEs
Summary
In Spring AI Vector Stores, a vulnerability allows the use of special characters to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components include: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store.
Risk Assessment
Exploitation of this vulnerability could lead to unauthorized access to data and execution of dangerous queries, posing a serious threat to the security of the application and the organization's data.
Recommendation
It is recommended to upgrade to version 1.0.9 or 1.1.8 to mitigate this vulnerability and secure the system against potential attacks.
Original NVD description (English source)
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0 through 1.0.x (fix 1.0.9). Spring AI 1.1.0 through 1.1.x (fix 1.1.8).

