CVE-2026-41712

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +15 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-model-chat-memory-repository-jdbc (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-model-chat-memory-repository-jdbc MAVEN version =1.1.0-M1, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.1.0.0, =1.1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0 - io.github.ngirchev:opendaimon-spring-boot-starter =1.1.0 - io.github.wb04307201:spring-ai-loom-agent...

com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (=1.0.0.4) +2 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.0.0 <=1.0.1)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.0.0, =1.0.0.1, =1.0.0.3-20260305-cve Source cves: CVE-2026-40966 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316424...