CVE-2026-41713 PUBLISHED

Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

Assigner: vmware
Reserved: 22.04.2026 Published: 12.05.2026 Updated: 12.05.2026

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
CVSS Score: 8.2

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	VMware
Product	Spring AI
Versions	Default: unaffected affected from 1.0.0 to 1.0.7 (excl.) affected from 1.1.0 to 1.1.6 (excl.)

Credits

Ahmed Sekka (GitHub: https://github.com/ahmed-sekka ) finder

References

Problem Types

CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine CWE