VMware Advisor Input Injection Alters Model Behavior: CVE-2026-41713 May 2026

Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.

Vulnerability Analysis

CVE-2026-41713 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Products Associated with CVE-2026-41713

Want to know whenever a new CVE is published for VMware Spring Framework? stack.watch will email you.

VMware Advisor Input Injection Alters Model Behavior
CVE-2026-41713 Published on May 12, 2026

Vulnerability Analysis

Weakness Type

Products Associated with CVE-2026-41713

Affected Versions

VMware Advisor Input Injection Alters Model BehaviorCVE-2026-41713 Published on May 12, 2026

Vulnerability Analysis

Weakness Type

Products Associated with CVE-2026-41713

Affected Versions

VMware Advisor Input Injection Alters Model Behavior
CVE-2026-41713 Published on May 12, 2026