CVE-2026-40970 | Vmware Spring Boot up to 4.0.5 Elasticsearch Auto-configuration certificate validation

A vulnerability, which was classified as critical, was found in Vmware Spring Boot up to 4.0.5. The impacted element is an unknown function of the component Elasticsearch Auto-configuration. Executing a manipulation can lead to improper certificate validation.

This vulnerability is tracked as CVE-2026-40970. The attack can be launched remotely. No exploit exists.

You should upgrade the affected component.VulDB Recent EntriesRead More