Spring AI Chat Memory Component Unintended Data Exposure Vulnerability

Vulnerability

A vulnerability in Spring AI's chat memory component can lead to unintended data exposure between users. The memory advisors fall back to an implicit default conversation identifier when a 'ChatClient' call does not set one explicitly, so every request that omits the identifier reads from and writes to the same conversation history regardless of which user issued it.

Impact

Exploitation of this vulnerability results in cross-user data leakage: a user whose requests land in the shared default conversation can receive, as part of the model's context and replies, messages that another user exchanged with the model, without either user intending it.

Remediation

Users should upgrade to Spring AI version 1.0.7 or 1.1.6, depending on the release line they are on. After upgrading, ensure that every 'ChatClient' call that uses a memory advisor explicitly sets the conversation identifier, because the update removes the implicit default conversation ID. When auditing, search for calls through memory advisors that never set the identifier, and derive the identifier from the authenticated principal on the server rather than accepting it from the client, since a client-chosen identifier would let one user select another user's conversation.
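
The following Java snippet is an added example written for this advisory; it is not code from the Spring AI project or from the advisory's author. It shows a call that omits the conversation identifier next to the corrected call that always sets it, using the Spring AI 1.0.x 'ChatClient', 'MessageChatMemoryAdvisor', 'MessageWindowChatMemory' and 'ChatMemory.CONVERSATION_ID' API as it is documented; the 'ChatService' class, the 'ChatModel' bean, the 'user:' prefix scheme and the use of Spring Security's 'SecurityContextHolder' to obtain the principal are assumptions for illustration.

```java
import org.springframework.ai.chat.client.ChatClient;
import org.springframework.ai.chat.client.advisor.MessageChatMemoryAdvisor;
import org.springframework.ai.chat.memory.ChatMemory;
import org.springframework.ai.chat.memory.MessageWindowChatMemory;
import org.springframework.ai.chat.model.ChatModel;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

// Added example, not Spring AI project code. The ChatModel is assumed to be a
// Spring bean provided by whichever model starter the application uses.
public class ChatService {

    private final ChatClient chatClient;

    public ChatService(ChatModel chatModel) {
        // One memory store for the whole application. Histories inside it are
        // keyed only by conversation id, so the id is the isolation boundary.
        ChatMemory chatMemory = MessageWindowChatMemory.builder().build();
        this.chatClient = ChatClient.builder(chatModel)
                .defaultAdvisors(MessageChatMemoryAdvisor.builder(chatMemory).build())
                .build();
    }

    // BEFORE (the pattern the advisory warns about): no conversation id is set.
    // In affected versions the advisor falls back to an implicit default id, so
    // every caller of this method shares a single history across users.
    public String askWithoutConversationId(String userText) {
        return chatClient.prompt()
                .user(userText)
                .call()
                .content();
    }

    // AFTER: the conversation id is set on every call that goes through the
    // memory advisor, and it is derived server-side from the authenticated
    // principal, never from a request parameter the client controls.
    public String ask(String userText) {
        return chatClient.prompt()
                .user(userText)
                .advisors(a -> a.param(ChatMemory.CONVERSATION_ID, currentConversationId()))
                .call()
                .content();
    }

    // Assumed id scheme: one conversation per authenticated user name. Fail
    // closed for unauthenticated or anonymous callers instead of falling back
    // to a shared id, which would recreate the cross-user exposure.
    private static String currentConversationId() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            throw new IllegalStateException("chat memory requires an authenticated user");
        }
        return "user:" + auth.getName();
    }
}
```

If an application needs several conversations per user, the server should still compose the identifier from the principal (for example the user name plus a conversation handle it issued to that user) and verify ownership before use, so that no identifier supplied by a client can address another user's history.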

Added: May 12, 2026, 11:22 AM
Updated: May 12, 2026, 11:22 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.