Hostname Verification Flaw in Spring Boot’s Elasticsearch Auto-Configuration
CVE-2026-40970
Severity: 5 (MEDIUM)
What is CVE-2026-40970?
This vulnerability in Spring Boot’s Elasticsearch auto-configuration stems from improper handling of hostname verification when an SSL bundle is used for connections to Elasticsearch servers: the bundle's trust material validates the server's certificate chain, but the server's hostname is not adequately checked against that certificate. An attacker positioned on the network path who holds any certificate trusted by the bundle could therefore mount a man-in-the-middle attack, compromising the integrity and confidentiality of data exchanged between the application and Elasticsearch.
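The mechanism behind this class of flaw is that a Java SSLContext, which is what an SSL bundle ultimately produces, only validates the certificate chain; comparing the peer's name to the certificate is a separate client-side setting. The following added example (not Spring Boot's or Elasticsearch's code) shows the weak connection pattern beside the hardened one using only the Java SE TLS API, plus a check a defender can run against a socket to confirm endpoint identification is on. The trust store path, password and host in main are assumed placeholders.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example, not Spring Boot code. An SSLContext built from a trust store
 * (the way an SSL bundle supplies one) does NOT verify the server hostname on
 * its own; the client must request endpoint identification explicitly.
 */
public final class HostnameVerificationCheck {

    /** Builds an SSLContext that trusts only the CAs in the given PKCS12 trust store. */
    static SSLContext contextFromTrustStore(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Weak pattern: chain is validated, but the hostname is never compared to the certificate. */
    static SSLSocket connectWithoutHostnameCheck(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        socket.startHandshake(); // succeeds for any certificate signed by a trusted CA, whatever its SAN
        return socket;
    }

    /** Hardened pattern: endpoint identification makes the handshake fail on a name mismatch. */
    static SSLSocket connectWithHostnameCheck(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS"); // RFC 2818/6125 matching of host against SAN/CN
        socket.setSSLParameters(params);
        socket.startHandshake();
        return socket;
    }

    /** Defender's check: is the setting this CVE concerns actually enabled on a socket? */
    static boolean hostnameVerificationEnabled(SSLSocket socket) {
        String alg = socket.getSSLParameters().getEndpointIdentificationAlgorithm();
        return alg != null && !alg.isEmpty();
    }

    public static void main(String[] args) throws Exception {
        // Assumed placeholder values: an operator-supplied trust store and an Elasticsearch host.
        String trustStorePath = args.length > 0 ? args[0] : "truststore.p12";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String host = args.length > 2 ? args[2] : "es.example.internal";
        int port = 9200;

        SSLContext ctx = contextFromTrustStore(trustStorePath, password);
        try (SSLSocket s = connectWithHostnameCheck(ctx, host, port)) {
            System.out.println("handshake ok; hostname verification enabled: "
                    + hostnameVerificationEnabled(s));
        } catch (SSLHandshakeException e) {
            // Expected when the server presents a trusted-CA certificate issued for a different name.
            System.out.println("handshake rejected (expected on name mismatch): " + e.getMessage());
        }
    }
}
```

Run it against a test endpoint that presents a certificate for a different name: the hardened path throws `SSLHandshakeException`, while the weak path would complete the handshake. The same distinction applies to HTTP client libraries, where the equivalent control is the hostname verifier the client is configured with, not the SSLContext.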
Affected Version(s)
Spring Boot 4.0.0 up to, but not including, 4.0.6 (4.0.0 <= version < 4.0.6)
