VYPR
High severity8.2NVD Advisory· Published May 12, 2026· Updated May 12, 2026

CVE-2026-41713

CVE-2026-41713

Description

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.springframework.ai:spring-ai-client-chatMaven
< 1.0.71.0.7
org.springframework.ai:spring-ai-client-chatMaven
>= 1.1.0-M1, < 1.1.61.1.6

Affected products

1
  • cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*
    Range: >=1.0.0,<1.0.7

Patches

Vulnerability mechanics

References

4

News mentions

2