EXECUTIVE SUMMARY:
Multiple security vulnerabilities have been identified in Spring AI, a popular framework for simplifying AI integration for Spring developers. The affected versions include Spring AI 1.0.0 through 1.0.x and 1.1.0 through 1.1.x. These vulnerabilities pose a significant risk to the integrity and confidentiality of AI-driven applications, ranging from data destruction to cross-user data leakage and prompt injection. Security teams managing Spring AI deployments must prioritize these vulnerabilities to mitigate potential business risks and impacts, which include unauthorized data destruction, manipulation of AI model behavior, and exposure of sensitive user queries.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
Multiple security vulnerabilities have been identified in Spring AI, a popular framework for simplifying AI integration for Spring developers. The affected versions include Spring AI 1.0.0 through 1.0.x and 1.1.0 through 1.1.x. These vulnerabilities pose a significant risk to the integrity and confidentiality of AI-driven applications, ranging from data destruction to cross-user data leakage and prompt injection. Security teams managing Spring AI deployments must prioritize these vulnerabilities to mitigate potential business risks and impacts, which include unauthorized data destruction, manipulation of AI model behavior, and exposure of sensitive user queries.[emaillocker id="1283"]
CVE-2026-41705 with a CVSS score of 8.6 – This vulnerability represents a direct threat to the integrity of vector databases due to a flaw in how the framework handles database deletions, allowing attackers to manipulate the filter expression and potentially trigger widespread and unauthorized data destruction.
CVE-2026-41713 with a CVSS score of 8.2 - this vulnerability highlights the unique dangers of persistent AI conversations. The flaw resides in the PromptChatMemoryAdvisor component.
CVE-2026-41712 with a CVSS score of 7.5 – This vulnerability exposes a critical architectural oversight regarding how Spring AI segregates user sessions, allowing attackers to exploit a hardcoded fallback value and expose sensitive user queries to strangers.
The identified vulnerabilities pose a significant risk to the integrity and confidentiality of AI-driven applications, with potential business consequences including unauthorized data destruction, manipulation of AI model behavior, and exposure of sensitive user queries. The urgency of addressing these vulnerabilities is high, as they can be exploited by attackers to disrupt business operations and compromise sensitive data.
RECOMMENDATION:
We recommend you to update Spring AI to version 1.0.7 or 1.1.6.
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/spring-ai-critical-vulnerabilities-data-destruction-memory-poisoning/