CVE-2026-41713
VMware · Spring AI
An improper neutralization vulnerability in VMware Spring AI allows unauthenticated attackers to inject malicious input into conversation memory, causing unintended model interpretation.
Executive summary
A template injection vulnerability in VMware Spring AI enables unauthenticated attackers to manipulate model interpretation through conversation memory, posing a significant risk of data integrity compromise.
Vulnerability
This vulnerability (CWE-1336) involves improper neutralization of special elements within a template engine, allowing unauthenticated remote attackers to trigger unintended behavior via crafted inputs stored in the application's conversation memory.
Business impact
Successful exploitation allows an attacker to manipulate the output or behavior of the AI model, potentially leading to unauthorized information disclosure or the injection of malicious instructions. With a CVSS score of 8.2, this vulnerability represents a high risk to application integrity and data security, necessitating prompt remediation to prevent potential misuse of AI-driven workflows.
Remediation
Immediate Action: Update the org.springframework.ai:spring-ai-client-chat library to version 1.0.7 or 1.1.6 as specified by the vendor.
Proactive Monitoring: Review application logs for unusual input patterns in chat history or unexpected model responses that deviate from expected operational parameters.
Compensating Controls: Implement strict input validation and sanitization filters on all user-supplied data entering the conversation memory to neutralize template-specific special elements.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Given the high severity and the potential for direct manipulation of AI model inputs, organizations using VMware Spring AI must prioritize upgrading to the patched versions immediately. Failure to address this vulnerability could allow unauthorized parties to compromise the integrity of AI-assisted decision-making processes.