CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-47835

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0 through 1.0.x (fix 1.0.9). Spring AI 1.1.0 through 1.1.x (fix 1.1.8).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 36.7%

CVSS Severity

CVSS v3 Score 8.6

References

https://spring.io/security/cve-2026-47835

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-47835

Products

Pricing

Contact Us