# CVE-2026-40966

> Vulnerability · severity: **MEDIUM** (CVSS 5.9).

## Description

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input as a conversationId are affected.

## Key facts

- **CVE ID:** CVE-2026-40966
- **Published:** 2026-04-28
- **CVSS severity:** MEDIUM
- **CVSS base score:** 5.9
- **CWE codes:** CWE-284

## Affected products

- `vmware:spring_ai`

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-40966

## Citation

> AI Analytics. CVE-2026-40966. Retrieved 2026-07-15 from https://api.ai-analytics.org/cve/CVE-2026-40966. Derived from NIST NVD. Licensed CC0.

---

*[Dataset catalog](https://api.ai-analytics.org/datasets/) · [AI Analytics](https://api.ai-analytics.org/) · CC0 1.0*