Home
HIGH: 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:NDefault status
unaffected
1.0.0 (oss) before 1.0.7
affected
1.1.0 (oss) before 1.1.6
affected
Description
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.
Problem types
CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine
Product status
1.0.0 (oss) before 1.0.7
1.1.0 (oss) before 1.1.6
Credits
Ahmed Sekka (GitHub: https://github.com/ahmed-sekka )
References
spring.io/security/cve-2026-41713
nvd.nist.gov/...N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N&version=3.1