VYPR

Maven package

org.springframework.boot/spring-boot-elasticsearch

pkg:maven/org.springframework.boot/spring-boot-elasticsearch

Vulnerabilities (1)

  • CVE-2026-40970MedApr 27, 2026
    affected >= 4.0.0, < 4.0.6fixed 4.0.6

    When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.