org.springframework.ai:spring-ai-client-chat (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.springframework.ai:spring-ai-client-chat, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2026-41713 — CVSS 8.2 (high): A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way…
CVE-2026-41712 — CVSS 7.5 (high): Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data…