CVE 8.2 HIGH

Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor (CVE-2026-41713)

CVSS score: 8.2 / 10 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Description

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.

Basic Information

ID: CVE-2026-41713
Source: vmware
Published: May 12, 2026 at 10:17
Modified: May 12, 2026 at 10:19

Affected Product

Vendor: VMware
Product: Spring AI
Version: 1.0.0
Affected Versions: VMware Spring AI 1.0.0, VMware Spring AI 1.1.0

CWE Classification

References
