High severity 8.2 · NVD Advisory · Published May 12, 2026 · Updated May 12, 2026
CVE-2026-41713
Description
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework.ai:spring-ai-client-chat (Maven) | < 1.0.7 | 1.0.7 |
| org.springframework.ai:spring-ai-client-chat (Maven) | >= 1.1.0-M1, < 1.1.6 | 1.1.6 |
References
- github.com/advisories/GHSA-5852-phmh-8fhr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-41713 (ghsa, ADVISORY)
- spring.io/security/cve-2026-41713 (nvd, Vendor Advisory, WEB)
- nvd.nist.gov/vuln-metrics/cvss/v3-calculator (nvd, US Government Resource)
News mentions
- Spring Projects: 25 Vulnerabilities Disclosed, Including SpEL Injection and Deserialization Flaws (Vypr Intelligence · Jun 10, 2026)
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More (The Hacker News · May 18, 2026)