CVE-2026-41713

High

Published: 12 May 2026

Published

12 May 2026

Modified

12 May 2026

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

EPSS Score 0.0003 9.8th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-41713 is a high-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Spring (inferred from references). Its CVSS base score is 8.2 (High).

Operationally, ranked at the 9.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation…

turns.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-1336

Affected Products

Spring

—

inferred from references and description; NVD did not file a CPE for this CVE

References

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N&version=3.1
security@vmware.com
https://spring.io/security/cve-2026-41713
security@vmware.com