CVE-2026-40970: CWE-295: Improper Certificate Validation in Spring Spring Boot
When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.
AI Analysis
Technical Summary
Spring Boot versions 4.0.0 to 4.0.5 contain a vulnerability (CWE-295) related to improper certificate validation in the Elasticsearch auto-configuration when configured with an SSL bundle. Specifically, hostname verification is not performed during SSL connections to the Elasticsearch server, which may allow attackers to intercept or manipulate communications. The issue is resolved by upgrading to version 4.0.6 or later as per the vendor's advisory.
Potential Impact
The vulnerability allows an attacker with network access to potentially perform man-in-the-middle attacks by exploiting the lack of hostname verification in SSL connections to Elasticsearch. This can lead to limited confidentiality, integrity, and availability impacts as indicated by the CVSS vector (C:L/I:L/A:L). No known active exploits have been reported.
Mitigation Recommendations
Upgrade affected Spring Boot versions from 4.0.0–4.0.5 to version 4.0.6 or later as recommended by the vendor. Patch status is confirmed by the vendor advisory indicating an official fix is available in version 4.0.6. No additional mitigations are specified.
CVE-2026-40970: CWE-295: Improper Certificate Validation in Spring Spring Boot
Description
When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Spring Boot versions 4.0.0 to 4.0.5 contain a vulnerability (CWE-295) related to improper certificate validation in the Elasticsearch auto-configuration when configured with an SSL bundle. Specifically, hostname verification is not performed during SSL connections to the Elasticsearch server, which may allow attackers to intercept or manipulate communications. The issue is resolved by upgrading to version 4.0.6 or later as per the vendor's advisory.
Potential Impact
The vulnerability allows an attacker with network access to potentially perform man-in-the-middle attacks by exploiting the lack of hostname verification in SSL connections to Elasticsearch. This can lead to limited confidentiality, integrity, and availability impacts as indicated by the CVSS vector (C:L/I:L/A:L). No known active exploits have been reported.
Mitigation Recommendations
Upgrade affected Spring Boot versions from 4.0.0–4.0.5 to version 4.0.6 or later as recommended by the vendor. Patch status is confirmed by the vendor advisory indicating an official fix is available in version 4.0.6. No additional mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- vmware
- Date Reserved
- 2026-04-16T02:18:56.133Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69efb5d1ba26a39fba55640b
Added to database: 4/27/2026, 7:15:29 PM
Last enriched: 4/27/2026, 7:30:18 PM
Last updated: 4/27/2026, 8:19:49 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.