Description
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store.

Affected versions:
Spring AI 1.0.0 through 1.0.x (fix 1.0.9).
Spring AI 1.1.0 through 1.1.x (fix 1.1.8).
Published: 2026-06-15
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Spring AI Vector Stores lack proper filtering of metadata that contains special characters. The flaw allows an attacker to inject arbitrary query fragments into the underlying Elasticsearch, OpenSearch, or GemFire VectorDB queries. The injection can lead to unintended data retrieval or manipulation, effectively giving the attacker the ability to execute arbitrary searches or commands against the datastore. The weakness is categorized as CWE‑943 for insecure handling of output or input.

Affected Systems

Components spring-ai-elasticsearch-store, spring-ai-opensearch-store, and spring-ai-gemfire-store in Spring AI are affected. All releases from 1.0.0 through 1.0.x (fixed in 1.0.9) and 1.1.0 through 1.1.x (fixed in 1.1.8) carry the vulnerability. Applications incorporating these stores and exposing metadata handling are susceptible.

Risk and Exploitability

The CVSS score of 8.6 classifies the vulnerability as high severity, while the EPSS score of less than 1 % indicates a low exploitation probability. The issue is not listed in CISA’s KEV catalog. Attackers likely embed malicious query fragments in metadata sent through API endpoints. Successful exploitation could enable arbitrary search queries against the datastore and may lead to data disclosure or denial of service. Prompt remediation is recommended despite the low expected exploitation rate.

Generated by OpenCVE AI on June 18, 2026 at 01:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Spring AI to a fixed version (1.0.9 for the 1.0.x branch or 1.1.8 for the 1.1.x branch) or later.
  • Sanitize or escape all special characters in metadata before storing or querying in Elasticsearch, OpenSearch, or GemFire, replacing any custom processing that forwards raw input.
  • Restrict or secure the API endpoints that accept metadata by enforcing strict input validation and requiring proper authentication and authorization.

Generated by OpenCVE AI on June 18, 2026 at 01:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Fri, 19 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Spring
Spring spring Ai
Vendors & Products Spring
Spring spring Ai

Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0 through 1.0.x (fix 1.0.9). Spring AI 1.1.0 through 1.1.x (fix 1.1.8).
Title Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores
Weaknesses CWE-943
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}


Subscriptions

Spring Spring Ai
cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-06-15T20:06:56.646Z

Reserved: 2026-05-20T10:00:51.003Z

Link: CVE-2026-47835

cve-icon Vulnrichment

Updated: 2026-06-15T20:06:51.729Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-15T20:16:28.840

Modified: 2026-06-16T15:23:55.263

Link: CVE-2026-47835

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T09:39:50Z

Weaknesses
  • CWE-943

    Improper Neutralization of Special Elements in Data Query Logic