CVE-2026-41713

CVE-2026-41713

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.

Published May 11, 2026

https://spring.io/security/cve-2026-41713

CVSS ScoreHigh

8.8

Vulnerabilities

CVE-2026-41713

Published May 11, 2026

https://spring.io/security/cve-2026-41713

CVSS ScoreHigh

8.8

CVE-2026-41713 Security Details

CVE ID: CVE-2026-41713
CWE: CWE-1336
CVE Description: A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.
Published: May 11, 2026
CVSS Score & Severity: 8.8High
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0.031%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/springframework/ai/chat/client/advisor/PromptChatMemoryAdvisor.before(Lorg/springframework/ai/chat/client/ChatClientRequest;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientRequest;
JVMVulnerable params: 0
org/springframework/ai/chat/client/advisor/VectorStoreChatMemoryAdvisor.before(Lorg/springframework/ai/chat/client/advisor/api/AdvisedRequest;)Lorg/springframework/ai/chat/client/advisor/api/AdvisedRequest;
JVMVulnerable params: 0
org/springframework/ai/chat/client/advisor/vectorstore/VectorStoreChatMemoryAdvisor.before(Lorg/springframework/ai/chat/client/ChatClientRequest;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientRequest;
JVMVulnerable params: 0
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://spring.io/security/cve-2026-41713PROJECT

CVE-2026-41713 Security Details

CVE ID: CVE-2026-41713
CWE: CWE-1336
CVE Description: A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.
Published: May 11, 2026
CVSS Score & Severity: 8.8High
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0.031%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/springframework/ai/chat/client/advisor/PromptChatMemoryAdvisor.before(Lorg/springframework/ai/chat/client/ChatClientRequest;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientRequest;
JVMVulnerable params: 0
org/springframework/ai/chat/client/advisor/VectorStoreChatMemoryAdvisor.before(Lorg/springframework/ai/chat/client/advisor/api/AdvisedRequest;)Lorg/springframework/ai/chat/client/advisor/api/AdvisedRequest;
JVMVulnerable params: 0
org/springframework/ai/chat/client/advisor/vectorstore/VectorStoreChatMemoryAdvisor.before(Lorg/springframework/ai/chat/client/ChatClientRequest;Lorg/springframework/ai/chat/client/advisor/api/AdvisorChain;)Lorg/springframework/ai/chat/client/ChatClientRequest;
JVMVulnerable params: 0
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://spring.io/security/cve-2026-41713PROJECT

Find vulnerabilities. Fix fast with AI.

CVE-2026-41713

CVE-2026-41713 Security Details

CVE-2026-41713 Security Details