5 matches found
CVE-2026-41712 vulnerabilities
Vulnerabilities for packages: camunda, camunda-zeebe...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +124 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-client-chat (>=2.0.0-M1 <=2.0.0-M5)
org.springframework.ai:spring-ai-client-chat MAVEN version =2.0.0-M1, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +372 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-model (>=2.0.0-M1 <=2.0.0-M5)
org.springframework.ai:spring-ai-model MAVEN version =2.0.0-M1, =0.1.0, =0.1.0, =1.21.9, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2026-41712 Source advisory: OSV:GHSA-Q62F-H9X2-GCQC...
CVE-2026-41712 ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...
ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-ai (>=0.6.0 <=0.8.7) +115 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-openai (>=1.0.0-M5 <=1.0.6)
org.springframework.ai:spring-ai-openai MAVEN version =1.0.0-M5, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.28 - app.valuationcontrol:library =0.5.9 - com.alibaba.cloud.ai:spring-ai-alibaba-agent-nacos =1.0.0.4 -...