VYPR

Maven package

org.springframework.ai/spring-ai-advisors-vector-store

pkg:maven/org.springframework.ai/spring-ai-advisors-vector-store

Vulnerabilities (1)

  • CVE-2026-40966MedApr 28, 2026
    affected >= 1.0.0, < 1.0.6fixed 1.0.6

    In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user