Spring · Spring AI · CVE-2026-47835
**Name of the Vulnerable Software and Affected Versions**
Spring AI versions prior to 1.0.9
Spring AI versions prior to 1.1.8
**Description**
Special characters can be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. This issue affects the `spring-ai-elasticsearch-store`, `spring-ai-opensearch-store`, and `spring-ai-gemfire-store` components.
**Recommendations**
Update to version 1.0.9 for versions in the 1.0.x branch.
Update to version 1.1.8 for versions in the 1.1.x branch.