CVE-2026-41712

Analyzed Analyzed - Analysis Complete

BaseFortify

Publication date: 2026-05-12

Last updated on: 2026-05-12

Assigner: VMware

Description

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-12

Last Modified

2026-05-12

Generated

2026-05-20

EPSS Evaluated

2026-05-19

NVD

CVE-2026-41712

Affected Vendors & Products

Vendor	Product	Version / Range
vmware	spring_ai	From 1.0.0 (inc) to 1.0.7 (exc)
vmware	spring_ai	From 1.1.0 (inc) to 1.1.6 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-276	During installation, installed file permissions are set to allow anyone to modify those files.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-41712

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart