ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +369 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-model (>=2.0.0-M1 <=2.0.0-M5)

org.springframework.ai:spring-ai-model MAVEN version =2.0.0-M1, =0.1.0, =0.1.0, =1.21.9, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-clients-spring-ai-starter (>=0.6.0 <=0.8.7) +328 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-client-chat (>=1.0.0-M7 <=1.0.6)

org.springframework.ai:spring-ai-client-chat MAVEN version =1.0.0-M7, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.7.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.28 - ai.intelliswarm:swarmai-rag =1.0.28 and more Source cves: CVE-2026-41713 Source advisory:...

com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (=1.0.0.4) +3 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.0.0 <=1.0.1)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.0.0, =1.0.0.1, =1.0.0.3-20260305-cve - com.alibaba.cloud.ai:spring-ai-alibaba-studio-client =1.0.0.4 Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-model-chat-memory-mem0 (=2.0.0-M1.1), com.alibaba.cloud.ai:spring-ai-alibaba-model-chat-memory-repository-mem0 (=2.0.0-M1.1) +2 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-advisors-vector-store (>=2.0.0-M1 <=2.0.0-M4)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =2.0.0-M1, =0.1.0, =0.1.1 Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +123 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-client-chat (>=2.0.0-M1 <=2.0.0-M5)

org.springframework.ai:spring-ai-client-chat MAVEN version =2.0.0-M1, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +288 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-client-chat (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-client-chat MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.6.0, =1.1.0, =1.1.0, =1.1.0, =1.1.4 and more Source cves: CVE-2026-41713 Source advisory: OSV:GHSA-5852-PHMH-8FHR...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +288 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-client-chat (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-client-chat MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.6.0, =1.1.0, =1.1.0, =1.1.0, =1.1.4 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-memory-long (>=1.1.0.0 <=1.1.2.3), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (>=1.1.0.0 <=1.1.2.3) +8 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.1.0-M3 <=1.1.5)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.1.0-M3, =1.1.0.0, =1.1.0.0, =1.1.0.0, =0.0.6, =1.1.19, =1.1.19, =1.1.19, =4.17.0, =4.17.0, =4.20.0 - org.vrspace:server =0.8.7 Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-clients-spring-ai-starter (>=0.6.0 <=0.8.7) +468 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-model (>=1.0.0-M7 <=1.0.6)

org.springframework.ai:spring-ai-model MAVEN version =1.0.0-M7, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.7.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.28 - ai.intelliswarm:swarmai-rag =1.0.28 and more Source cves: CVE-2026-41712 Source advisory:...

GHSA-5852-PHMH-8FHR Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

GHSA-Q62F-H9X2-GCQC Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

CVE-2026-41712

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

CVE-2026-41712

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

PT-2026-40006

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. VMware Spring AI has a security vulnerability, which stems from problematic default settings in the chat memory...

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework created by VMware Corporation in the Spring ecosystem, which integrates artificial intelligence and large language model capabilities. VMware Spring AI has a security vulnerability. This vulnerability allows malicious users to manipulate the behavior of...

org.springframework.ai:spring-ai-starter-vector-store-typesense (>=1.0.0 <=1.0.6) potentially affected by CVE-2026-41705 via org.springframework.ai:spring-ai-typesense-store (>=1.0.0 <=1.0.6)

org.springframework.ai:spring-ai-typesense-store MAVEN version =1.0.0, =1.0.0, =1.0.6 Source cves: CVE-2026-41705 Source advisory: OSV:GHSA-V632-2M87-7469...

GHSA-V632-2M87-7469 Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs

Spring AI's MilvusVectorStoredoDeleteList implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...

org.springframework.ai:spring-ai-starter-vector-store-typesense (>=1.1.0 <=1.1.5) potentially affected by CVE-2026-41705 via org.springframework.ai:spring-ai-typesense-store (>=1.1.0 <=1.1.5)

org.springframework.ai:spring-ai-typesense-store MAVEN version =1.1.0, =1.1.0, =1.1.5 Source cves: CVE-2026-41705 Source advisory: OSV:GHSA-V632-2M87-7469...

org.springframework.ai:spring-ai-starter-vector-store-milvus (>=1.1.0 <=1.1.5) potentially affected by CVE-2026-41705 via org.springframework.ai:spring-ai-milvus-store (>=1.1.0 <=1.1.5)

org.springframework.ai:spring-ai-milvus-store MAVEN version =1.1.0, =1.1.0, =1.1.5 Source cves: CVE-2026-41705 Source advisory: OSV:GHSA-V632-2M87-7469...