Vmware Spring Ai
5 CVEs affecting Vmware Spring Ai. Latest disclosed: 2026-05-12. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-22730 | High | 8.8 | 2026-03-18 | A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute ar… |
CVE-2026-22729 | High | 8.6 | 2026-03-18 | A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through… |
CVE-2026-41713 | High | 8.2 | 2026-05-12 | A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affect… |
CVE-2026-41712 | High | 7.5 | 2026-05-12 | Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users. |
CVE-2026-40966 | Medium | 5.9 | 2026-04-28 | In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials… |