CVE-2026-40966

VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration

CVSS 5.9 MEDIUMEPSS 0.2%CWE-284

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.9EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

28 abr 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input as a conversationId are affected.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

VMware · Spring AI

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?version=3.1&vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N https://spring.io/security/cve-2026-40966