CVE Catalog

CVE-2026-47835

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile — higher than 37% of all known CVEs

Summary

In Spring AI Vector Stores, a vulnerability allows the use of special characters to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components include: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store.

Risk Assessment

Exploitation of this vulnerability could lead to unauthorized access to data and execution of dangerous queries, posing a serious threat to the security of the application and the organization's data.

Recommendation

It is recommended to upgrade to version 1.0.9 or 1.1.8 to mitigate this vulnerability and secure the system against potential attacks.

Original NVD description (English source)

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0 through 1.0.x (fix 1.0.9). Spring AI 1.1.0 through 1.1.x (fix 1.1.8).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS