Zero Day Monitor (ZDM)
CVSS 5.9 · CVE-2026-40966 · EXPLOITED · PATCHED
Vendor: spring · Product: spring ai

VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration

Description

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input as a conversationId are affected.

Affected Products

| Vendor | Product   | Versions     |
|--------|-----------|--------------|
| spring | spring ai | 1.0.0, 1.1.0 |

References

  • https://spring.io/security/cve-2026-40966
  • https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?version=3.1&vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Related News (2 articles)

Tier C · VulDB · 1d ago
CVE-2026-40966 | Vmware Spring AI up to 1.0.5/1.1.4 Conversation access control
→ No new info (linked only)

Tier B · CERT-FR · 1d ago
Multiple vulnerabilities in Spring (28 April 2026)
→ No new info (linked only)
CVSS 3.1: 5.9 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA KEV: No
Actively exploited: Yes
Patch available: 1.0.6, 1.1.5
CWE: CWE-284
Published: Apr 28, 2026
Last enriched: 1d ago (v2)
Tags: CVE-2026-40966
Trending Score: 47
Source articles: 2
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack


Related CVEs (5)

HIGH · CVE-2026-40967 · EXP
CVE-2026-40967: In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to
Trending: 62

CRITICAL · CVE-2026-40976 · EXP
CVE-2026-40976: In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoint
Trending: 55

HIGH · CVE-2026-40978 · EXP
CVE-2026-40978: SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via c
Trending: 55

HIGH · CVE-2026-40968 · EXP
Spring gRPC SecurityContext leaks across requests on authorization failure
Trending: 42

CRITICAL · CVE-2026-40974 · EXP
CVE-2026-40974: Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to
Trending: 42

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 28, 2026
Discovered by ZDM: Apr 28, 2026
Updated (severity, affectedVersions, activelyExploited, tags): Apr 28, 2026
Actively Exploited: Apr 28, 2026
Patch Available: Apr 28, 2026

Version History

v2 · Last enriched 1d ago
v2 · Tier C · 1d ago

Updated severity to CRITICAL, added affected versions 1.0.5 and 1.1.4, and noted that the vulnerability is actively exploited.

Fields changed: severity, affectedVersions, activelyExploited, tags
via VulDB

v1 · 1d ago

Initial creation