Spring Product Security Update Advisory

Overview


A security update has been released to address vulnerabilities in Spring products. The affected product is Spring AI, and users should update to the latest version.

Affected Products and Versions


  • Spring AI 1.0.0 and later, but earlier than 1.0.7.
  • Spring AI 1.1.0 and later, but earlier than 1.1.6.

Resolved Vulnerabilities


  • CVE-2026-41712: Data leakage vulnerability in Spring AI.
  • CVE-2026-41713: Prompt injection vulnerability in Spring AI.

Response


Vulnerability patches have been provided in the latest update. Update Spring AI to 1.0.7 or 1.1.6 by following the instructions on the reference site.