CVE-2026-40966: CWE-284 Improper Access Control in VMware Spring AI
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input as a conversationId are affected.
AI Analysis
Technical Summary
This vulnerability in VMware Spring AI arises from improper access control (CWE-284) where an attacker can manipulate the conversationId parameter to bypass conversation isolation. This enables unauthorized access to sensitive memory containing other users' chat histories, including secrets and credentials. The issue specifically impacts applications that use VectorStoreChatMemoryAdvisor and accept user input directly as conversationId. The CVSS 3.1 base score is 5.9, reflecting a medium severity with network attack vector, high attack complexity, no privileges required, no user interaction, and high confidentiality impact but no integrity or availability impact. No official patch or remediation guidance is currently available from the vendor.
Potential Impact
Successful exploitation allows an attacker to access sensitive memory from other users' chat histories, potentially exposing secrets and credentials. This compromises confidentiality but does not affect integrity or availability. The vulnerability requires network access and has a high attack complexity, meaning exploitation is not trivial. No known exploits are currently reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, applications should avoid passing user-supplied input directly as conversationId to VectorStoreChatMemoryAdvisor or implement strict validation and sanitization of this input to prevent injection of filter logic. Monitor vendor communications for updates on patches or official mitigations.
CVE-2026-40966: CWE-284 Improper Access Control in VMware Spring AI
Description
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input as a conversationId are affected.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in VMware Spring AI arises from improper access control (CWE-284) where an attacker can manipulate the conversationId parameter to bypass conversation isolation. This enables unauthorized access to sensitive memory containing other users' chat histories, including secrets and credentials. The issue specifically impacts applications that use VectorStoreChatMemoryAdvisor and accept user input directly as conversationId. The CVSS 3.1 base score is 5.9, reflecting a medium severity with network attack vector, high attack complexity, no privileges required, no user interaction, and high confidentiality impact but no integrity or availability impact. No official patch or remediation guidance is currently available from the vendor.
Potential Impact
Successful exploitation allows an attacker to access sensitive memory from other users' chat histories, potentially exposing secrets and credentials. This compromises confidentiality but does not affect integrity or availability. The vulnerability requires network access and has a high attack complexity, meaning exploitation is not trivial. No known exploits are currently reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, applications should avoid passing user-supplied input directly as conversationId to VectorStoreChatMemoryAdvisor or implement strict validation and sanitization of this input to prevent injection of filter logic. Monitor vendor communications for updates on patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- vmware
- Date Reserved
- 2026-04-16T02:18:56.133Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f0602fcbff5d8610cfd2bb
Added to database: 4/28/2026, 7:22:23 AM
Last enriched: 4/28/2026, 7:37:24 AM
Last updated: 4/29/2026, 5:00:14 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.