Arbitrary Query Execution Vulnerability in Spring AI by VMware
CVE-2026-47835
8.6 HIGH
What is CVE-2026-47835?
A vulnerability in Spring AI Vector Stores allows attackers to use special characters to execute arbitrary queries on Elasticsearch, OpenSearch, and GemFire VectorDB. This can lead to unauthorized data exposure and manipulation. Affected components include spring-ai-elasticsearch-store, spring-ai-opensearch-store, and spring-ai-gemfire-store. Users are advised to upgrade to the fixed versions.
Affected Version(s)
Spring AI 1.0.0 < 1.0.9
Spring AI 1.1.0 < 1.1.8
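
A dependency check built from the artifact names and version ranges listed above, as an added example that is not part of the original advisory or of Spring AI's own tooling. It assumes input in `mvn dependency:list` or Gradle coordinate form; the sample lines are constructed, and versions carrying a qualifier such as -SNAPSHOT are marked for manual review because the advisory's ranges do not cover them.

```python
import re

# Artifact names and version ranges are taken from the advisory above.
ARTIFACTS = ("spring-ai-elasticsearch-store", "spring-ai-opensearch-store",
             "spring-ai-gemfire-store")
# (inclusive lower bound, exclusive upper bound): 1.0.0 < 1.0.9 and 1.1.0 < 1.1.8
AFFECTED_RANGES = (((1, 0, 0), (1, 0, 9)), ((1, 1, 0), (1, 1, 8)))

# Assumed input: Maven "group:artifact:jar:version:scope" or Gradle "group:artifact:version".
COORD = re.compile(r"(?P<artifact>" + "|".join(map(re.escape, ARTIFACTS)) +
                   r"):(?:jar:)?(?P<version>\d[\w.\-]*)")

# Constructed sample input, not output from a real project.
SAMPLE = """\
[INFO]    org.springframework.ai:spring-ai-elasticsearch-store:jar:1.0.3:compile
[INFO]    org.springframework.ai:spring-ai-opensearch-store:jar:1.1.8:compile
[INFO]    org.springframework.ai:spring-ai-gemfire-store:jar:1.1.0-SNAPSHOT:compile
[INFO]    org.example:some-lib:jar:1.0.3:compile
+--- org.springframework.ai:spring-ai-opensearch-store:1.1.2
""".splitlines()


def classify(version):
    """Return 'affected', 'outside-range' or 'review' for one version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(.*)", version)
    if not m or m.group(4):
        # Unparseable or qualified (-SNAPSHOT, -M1, -RC1): not covered by the ranges.
        return "review"
    core = tuple(int(part) for part in m.group(1, 2, 3))
    hit = any(lo <= core < hi for lo, hi in AFFECTED_RANGES)
    return "affected" if hit else "outside-range"


def scan(lines):
    """Return sorted (artifact, version, status) tuples found in a dependency listing."""
    findings = set()
    for line in lines:
        for m in COORD.finditer(line):
            findings.add((m["artifact"], m["version"], classify(m["version"])))
    return sorted(findings)


if __name__ == "__main__":
    for artifact, version, status in scan(SAMPLE):
        print(f"{status:14} {artifact}:{version}")
```

The check reads declared coordinates only, so run it on the resolved dependency listing rather than on the build file to catch transitive copies.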
