Moole Vulnerability Database

Find real vulnerabilities before they ship

High

CVE-2026-41712

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.

VectorNETWORK

PublishedMay 12, 2026, 11:16

Published Bysecurity@vmware.com

Base Score

Score7.5

Affected Versions

Package (Ecosystem)IntroducedFixedLimit

org.springframework.ai:spring-ai-client-chat(Maven)01.0.7N/A

org.springframework.ai:spring-ai-client-chat(Maven)1.1.0-M11.1.6N/A

org.springframework.ai:spring-ai-client-chat(Maven)2.0.0-M12.0.0-M6N/A

org.springframework.ai:spring-ai-model(Maven)01.0.7N/A

org.springframework.ai:spring-ai-model(Maven)1.1.0-M11.1.6N/A

org.springframework.ai:spring-ai-model(Maven)2.0.0-M12.0.0-M6N/A

org.springframework.ai:spring-ai-advisors-vector-store(Maven)01.0.7N/A

org.springframework.ai:spring-ai-advisors-vector-store(Maven)1.1.0-M11.1.6N/A

org.springframework.ai:spring-ai-advisors-vector-store(Maven)2.0.0-M12.0.0-M6N/A

References

Weakness Type

CWE-276

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base SeverityHigh

Version

3.1

Attack Vector (AV)

NETWORK