CVE-2026-41712

CVE-2026-41712

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.

Published May 11, 2026

https://spring.io/security/cve-2026-41712

CVSS ScoreHigh

8.7

CVE-2026-41712 Security Details

CVE ID: CVE-2026-41712
CWE: CWE-276
CVE Description: Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.
Published: May 11, 2026
CVSS Score & Severity: 8.7High
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0.033%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/springframework/ai/chat/client/advisor/MessageChatMemoryAdvisor.after(Lorg/springframework/ai/chat/client/ChatClientResponse;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientResponse;
JVM
org/springframework/ai/chat/client/advisor/MessageChatMemoryAdvisor.before(Lorg/springframework/ai/chat/client/ChatClientRequest;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientRequest;
JVM
org/springframework/ai/chat/client/advisor/vectorstore/VectorStoreChatMemoryAdvisor.after(Lorg/springframework/ai/chat/client/ChatClientResponse;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientResponse;
JVM
org/springframework/ai/chat/client/advisor/vectorstore/VectorStoreChatMemoryAdvisor.before(Lorg/springframework/ai/chat/client/ChatClientRequest;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientRequest;
JVM
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://spring.io/security/cve-2026-41712PROJECT

CVE-2026-41712 Security Details

CVE ID: CVE-2026-41712
CWE: CWE-276
CVE Description: Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.
Published: May 11, 2026
CVSS Score & Severity: 8.7High
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0.033%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/springframework/ai/chat/client/advisor/MessageChatMemoryAdvisor.after(Lorg/springframework/ai/chat/client/ChatClientResponse;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientResponse;
JVM
org/springframework/ai/chat/client/advisor/MessageChatMemoryAdvisor.before(Lorg/springframework/ai/chat/client/ChatClientRequest;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientRequest;
JVM
org/springframework/ai/chat/client/advisor/vectorstore/VectorStoreChatMemoryAdvisor.after(Lorg/springframework/ai/chat/client/ChatClientResponse;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientResponse;
JVM
org/springframework/ai/chat/client/advisor/vectorstore/VectorStoreChatMemoryAdvisor.before(Lorg/springframework/ai/chat/client/ChatClientRequest;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientRequest;
JVM
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://spring.io/security/cve-2026-41712PROJECT

Find vulnerabilities. Fix fast with AI.

CVE-2026-41712

CVE-2026-41712 Security Details

CVE-2026-41712 Security Details