GHSA-5852-phmh-8fhr | High | CVSS 8.2

Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

Published: May 12, 2026
Last Modified: May 18, 2026

🔗 CVE IDs covered (1)

📋 Description

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.

🎯 Affected products (2)

  • maven/org.springframework.ai:spring-ai-client-chat:< 1.0.7
  • maven/org.springframework.ai:spring-ai-client-chat:>= 1.1.0-M1, < 1.1.6
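To check a build against the two ranges above, the following added example (not part of the advisory or of Spring AI) compares resolved versions of the artifact using Maven's ordering of milestone, RC and snapshot qualifiers. The function names are hypothetical, the input is assumed to be in the shape of `mvn dependency:list` output without classifiers, and the sample lines are constructed.

```python
import re

# Artifact and ranges as listed in the advisory above.
ARTIFACT = "org.springframework.ai:spring-ai-client-chat"
# Maven orders milestone < rc < snapshot < release for the same x.y.z.
QUALIFIER_RANK = {"m": 0, "rc": 1, "snapshot": 2, "": 3}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)(\d*))?")
COORD_RE = re.compile(re.escape(ARTIFACT) + r":jar:([^:\s]+)")


def parse_version(version):
    """Turn '1.1.0-M1' into a sortable tuple (1, 1, 0, 0, 1)."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch, qualifier, number = m.groups()
    qualifier = (qualifier or "").lower()
    if qualifier not in QUALIFIER_RANK:
        raise ValueError(f"unrecognised qualifier in {version!r}")
    return (int(major), int(minor), int(patch),
            QUALIFIER_RANK[qualifier], int(number or 0))


def is_affected(version):
    """True if version is < 1.0.7, or >= 1.1.0-M1 and < 1.1.6."""
    v = parse_version(version)
    return (v < parse_version("1.0.7")
            or parse_version("1.1.0-M1") <= v < parse_version("1.1.6"))


def scan_dependency_list(text):
    """Return [(version, affected)] for each occurrence of ARTIFACT."""
    return [(v, is_affected(v)) for v in COORD_RE.findall(text)]


# Constructed sample in the shape of `mvn dependency:list` output.
SAMPLE = """\
[INFO]    org.springframework.ai:spring-ai-client-chat:jar:1.1.0-RC1:compile
[INFO]    org.springframework.ai:spring-ai-model:jar:1.1.0-RC1:compile
[INFO]    org.springframework.ai:spring-ai-client-chat:jar:1.0.7:compile
"""

if __name__ == "__main__":
    for version, affected in scan_dependency_list(SAMPLE):
        print(f"{ARTIFACT}:{version} -> {'AFFECTED' if affected else 'ok'}")
```

Versions with a qualifier the parser does not recognise raise `ValueError` rather than being silently classified.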
