HIGHCVE-2026-41713Published Modified CNA vmware
CVE-2026-41713: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.
Metrics
- CVSS v3.1
- 8.2
- Severity
- HIGH
- Fixed in
- 1.0.7
- Affected Products
- 1
Fix available
1.0.71.1.6
Affected packages
- VMware / Spring AI< 1.0.7 (from 1.0.0) · < 1.1.6 (from 1.1.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:NReferences