5.9 / 10 (MEDIUM)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input as a conversationId are affected.
Basic Information
ID: CVE-2026-40966
Source: vmware
Published: Apr 28, 2026 at 06:42
Modified: Apr 28, 2026 at 06:49
Affected Product
Vendor: VMware
Product: Spring AI
Version: 1.0.0
Affected Versions
VMware Spring AI 1.0.0
VMware Spring AI 1.1.0