Memory Vulnerability in Spring AI Affects User Chat Histories
CVE-2026-40966

5.9MEDIUM

Key Information:

Vendor

Vmware
Status
Spring Ai
Vendor
CVE Published:
28 April 2026

What is CVE-2026-40966?

In Spring AI, a security issue exists where an attacker can bypass the isolation of user conversations, allowing them to extract sensitive information from other users' chat histories. This risk arises when applications utilize the VectorStoreChatMemoryAdvisor and permit user-inputted data as conversation identifiers. The vulnerability permits the injection of malicious filter logic, leading to potential exfiltration of secrets and credentials from memory.

Affected Version(s)

Spring AI 1.0.0 < 1.0.6

Spring AI 1.1.0 < 1.1.5

References

https://spring.io/security/cve-2026-40966
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vers...

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jinyeong Seol Seol-JY; Cantina's AppSec agent, Apex ( https://www.cantina.security )
.