CVE-2026-41713 Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

CVE-2026-22661

Prompts.chat is affected by a path-traversal vulnerability in skill file handling prior to commit 0f8d4c3. Attackers can craft ZIP archives with unsanitized filenames that include ../ path sequences, bypassing server-side filename validation, causing extraction to write files outside the intended...