GHSA-Q62F-H9X2-GCQC Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

GHSA-5852-PHMH-8FHR Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-clients-spring-ai-starter (>=0.6.0 <=0.8.7) +311 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-client-chat (>=1.0.0-M7 <=1.0.6)

org.springframework.ai:spring-ai-client-chat MAVEN version =1.0.0-M7, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.7.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.6 and more Source cves: CVE-2026-41713 Source advisory: OSV:GHSA-5852-PHMH-8FHR...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +505 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-model (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-model MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =0.8.0, =0.7.0, =0.7.0, =0.8.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-memory-long (>=1.1.0.0 <=1.1.2.2-retriever2), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (>=1.1.0.0 <=1.1.2.2-retriever2) +8 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.1.0-M3 <=1.1.5)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.1.0-M3, =1.1.0.0, =1.1.0.0, =1.1.0.0, =0.0.6, =4.17.0, =4.17.0, =4.20.0 - org.vrspace:server =0.8.7 Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (=1.0.0.4) +2 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.0.0 <=1.0.1)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.0.0, =1.0.0.1, =1.0.0.3-20260305-cve Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +280 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-client-chat (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-client-chat MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.6.0, =1.1.0, =1.1.0, =1.1.0, =1.1.4 and more Source cves: CVE-2026-41713 Source advisory: OSV:GHSA-5852-PHMH-8FHR...

ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-clients-spring-ai-starter (>=0.6.0 <=0.8.7) +445 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-model (>=1.0.0-M7 <=1.0.6)

org.springframework.ai:spring-ai-model MAVEN version =1.0.0-M7, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.7.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.6 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +79 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-client-chat (>=2.0.0-M1 <=2.0.0-M5)

org.springframework.ai:spring-ai-client-chat MAVEN version =2.0.0-M1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.6.0 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +254 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-model (>=2.0.0-M1 <=2.0.0-M5)

org.springframework.ai:spring-ai-model MAVEN version =2.0.0-M1, =0.1.0, =0.1.0, =1.21.9, =1.54.0, =0.8.0, =0.0.1, =0.1.0, =0.21.0, =0.26.0 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...

CVE-2026-41712

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

CVE-2026-41712

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

EUVD-2026-29372

Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the applicati...

CVE-2026-34263

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

CVE-2026-34263

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

CVE-2026-34263 Missing authentication check in SAP Commerce cloud configuration

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Demo Khai thác Lỗ hổng Log4Shell CVE-2021-44228 Dự án này m...

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework created by VMware Corporation in the Spring ecosystem, which integrates artificial intelligence and large language model capabilities. VMware Spring AI has a security vulnerability. This vulnerability allows malicious users to manipulate the behavior of...

This Week in Spring - May 12th, 2026

Hi, Spring fans! As I write this I am in Miami, FL at the CodeRemix.ai show, focused on the wide and wonderful world of OpenRewrite and Moderne. I've got a talk to give so let's dive right into it! a quick note about the upcoming release train dates in last week's installment of A Bootiful Podcas...

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. VMware Spring AI has a security vulnerability, which stems from problematic default settings in the chat memory...