Spring AI Prompt Injection Vulnerability via Memory Poisoning

Vulnerability

A prompt injection vulnerability has been identified in Spring AI versions 1.0.0 through 1.0.x and 1.1.0 through 1.1.x. This vulnerability allows a malicious user to craft input that is stored in conversation memory and later interpreted by the model in an unintended manner. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.

Impact

Exploitation of this vulnerability could lead to unauthorized manipulation of model behavior, allowing for prompt injection attacks that could disrupt the intended functionality of the application.

Remediation

Users of affected Spring AI versions should upgrade to version 1.0.7 or 1.1.6, depending on their current version.
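As an added check that is not part of this advisory: a small Python helper that reports whether a given Spring AI version falls in the affected ranges above and which fixed version to move to. It assumes that 1.0.7 and 1.1.6 are the first unaffected releases on their lines (the advisory only states them as upgrade targets) and conservatively flags pre-release builds (milestone, RC, SNAPSHOT) on those lines as still needing the upgrade.

```python
"""Version check for the Spring AI memory-poisoning advisory (added example).

Assumptions not stated verbatim on the page: 1.0.7 and 1.1.6 are the first
unaffected releases on their lines, and a qualified build such as
1.1.6-SNAPSHOT or 1.1.0-M1 sorts below the bare release it precedes.
"""
import re
from typing import Optional, Tuple

# Affected release lines mapped to the first fixed version on that line.
FIXED_BY_LINE = {
    (1, 0): (1, 0, 7),
    (1, 1): (1, 1, 6),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]([0-9A-Za-z]+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH[-QUALIFIER]' into a comparable tuple.

    The last element is 0 for a qualified (pre-release) build and 1 for a
    final release, so 1.1.6-SNAPSHOT compares lower than 1.1.6 (assumption).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, qualifier = m.groups()
    return int(major), int(minor), int(patch), 0 if qualifier else 1


def required_upgrade(version: str) -> Optional[str]:
    """Return the fixed version to upgrade to, or None if not affected."""
    major, minor, patch, final = parse_version(version)
    fixed = FIXED_BY_LINE.get((major, minor))
    if fixed is None:
        return None  # not on the 1.0.x or 1.1.x line
    if (major, minor, patch, final) >= fixed + (1,):
        return None  # already at or past the fixed release
    return "%d.%d.%d" % fixed


if __name__ == "__main__":
    # Constructed sample of dependency versions as they might appear in builds.
    for v in ["1.0.3", "1.0.7", "1.1.5", "1.1.6-SNAPSHOT", "1.1.6", "1.2.0"]:
        print(v, "->", required_upgrade(v) or "not affected")
```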

Added: May 12, 2026, 11:21 AM
Updated: May 12, 2026, 11:21 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  7.4
remediation     0.0
relevance       8.1
threat          0.0
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.