cbcvebase.
CVE-2026-47835
published 2026-06-15

CVE-2026-47835: In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB…

PriorityP352high8.6CVSS 3.1
AVNACLPRNUINSUCHILAL
EPSS
0.25%
16.6th percentile
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0 through 1.0.x (fix 1.0.9). Spring AI 1.1.0 through 1.1.x (fix 1.1.8).

Affected

2 ranges
VendorProductVersion rangeFixed in
springspring_ai>= 1.0.0 < 1.0.91.0.9
springspring_ai>= 1.1.0 < 1.1.81.1.8
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.