CVE-2026-41713

Summary

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.

Affected Software

VendorProductVersion RangeStatus
VMwareSpring AI1.0.0 < 1.0.7affected
VMwareSpring AI1.1.0 < 1.1.6affected

Weaknesses

  • CWE-1336: CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References