CVE-2026-41713 Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

Spring AI's VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...

CVE-2026-40966

Spring AI vulnerability CVE-2026-40966: VectorStoreChatMemoryAdvisor allows cross-tenant exfiltration by injecting filter logic through a user-supplied conversationId, bypassing chat isolation. Affected: apps using VectorStoreChatMemoryAdvisor with conversationId from input. Impact: confidentiali...

Create Self-Improving AI Agents Using Spring AI Recursive Advisors

The Spring AI ChatClient offers a fluent API for communicating with an AI model. The fluent API provides methods for building the constituent parts of a prompt that gets passed to the AI model as input. Advisors are a key part of the fluent API that intercept, modify, and enhance AI-driven...