{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-47835/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-15T20:06:56.646Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-47835","@id":"https://www.cve.org/CVERecord?id=CVE-2026-47835","description":"In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store.\n\nAffected versions:\nSpring AI 1.0.0 through 1.0.x (fix 1.0.9).\nSpring AI 1.1.0 through 1.1.x (fix 1.1.8)."},"products":[{"@id":"cpe:2.3:a:spring:spring_ai:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:spring:spring_ai:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 1.0.9, 1.1.8.","timestamp":"2026-06-15T20:06:56.646Z"}]}