CVE-2026-47835 PUBLISHED

Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

Assigner: vmware
Reserved: 20.05.2026 Published: 15.06.2026 Updated: 15.06.2026

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store.

Affected versions: Spring AI 1.0.0 through 1.0.x (fix 1.0.9). Spring AI 1.1.0 through 1.1.x (fix 1.1.8).

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVSS Score: 8.6

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Spring
Product	Spring AI
Versions	Default: unaffected affected from 1.0.0 to 1.0.9 (excl.) affected from 1.1.0 to 1.1.8 (excl.)

References

https://spring.io/security/cve-2026-47835

Problem Types

CWE-943: Improper Neutralization of Special Elements in Data Query Logic CWE

Impacts

Per CVSS v3.1: Confidentiality HIGH; Integrity LOW; Availability LOW.