Input Manipulation Flaw in Spring Advisor Affecting User-Driven Applications
CVE-2026-41713
8.2 HIGH
What is CVE-2026-41713?
A security vulnerability in Spring Advisor allows attackers to supply user-controlled input that is interpreted in unintended ways once it is stored in conversation memory. Because that memory is replayed on subsequent turns, the manipulation can alter model behavior throughout the conversation and undermine application integrity. Developers using the affected versions of Spring Advisor must patch this vulnerability to safeguard their applications from malicious exploitation.
Affected Version(s)
Spring AI 1.0.0 < 1.0.7
Spring AI 1.1.0 < 1.1.6
References
CVSS V3.1
Score: 8.2
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Ahmed Sekka (GitHub: https://github.com/ahmed-sekka)