SB2026051173 - Multiple vulnerabilities in Spring AI

Description

This security bulletin contains information about 3 vulnerabilities.

1) SQL injection (CVE-ID: CVE-2026-41705)

The vulnerability allows a remote attacker to disclose sensitive information and delete data.

The vulnerability exists due to improper neutralization of special elements in a query in MilvusVectorStore#doDelete(List) when processing unsanitized document IDs in filter expressions. A remote attacker can supply crafted document IDs to disclose sensitive information and delete data.

2) Improper access control (CVE-ID: CVE-2026-41712)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper access control in the chat memory component when using the default conversation identifier. A remote attacker can access conversation data associated with the shared default identifier to disclose sensitive information.

The issue occurs when applications do not explicitly override the default conversation ID.

3) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2026-41713)

The vulnerability allows a remote attacker to manipulate model behavior across conversation turns.

The vulnerability exists due to improper neutralization of stored prompt content in PromptChatMemoryAdvisor when processing user-controlled input that is stored in conversation memory. A remote attacker can submit crafted input that is later interpreted by the model in an unintended way to manipulate model behavior across conversation turns.

Remediation

Install update from vendor's website.

References

• https://spring.io/security/cve-2026-41705
• https://spring.io/security/cve-2026-41712
• https://spring.io/security/cve-2026-41713