CVE-2026-40970

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5

Description When configured to use an SSL bundle, the Elasticsearch auto-configuration fails to perform hostname verification during the connection to the Elasticsearch server. Hostname verification is a security process that ensures the server's certificate matches its actual hostname to prevent man-in-the-middle attacks.

Recommendations Upgrade to version 4.0.6 or later.