CVE-2026-41713

EPSS 0.03%
Veröffentlicht 12.05.2026 10:17:39
Zuletzt bearbeitet 12.05.2026 19:25:06
Quelle security@vmware.com
CVE-Watchlists
Login
Unerledigt
Login

Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

VMware ≫ Spring Ai Version >= 1.0.0 < 1.0.7

VMware ≫ Spring Ai Version >= 1.1.0 < 1.1.6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.09

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@vmware.com	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

https://spring.io/security/cve-2026-41713

Vendor Advisory

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N&version=3.1

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2026-41713

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-41713

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-41713

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-41713