Spring AI Chat Memory Component Exposed Users to Cross-Tenant Data Leak via Risky Default Setting
A high-severity vulnerability in Spring AI's chat memory component has been identified, carrying a CVSS score of 7.5. The flaw stems from a problematic default configuration that, when left unaddressed by developers, can expose conversation data between different users. This represents a classic case of secure-by-default failure in an AI framework increasingly adopted across enterprise applications.
The vulnerability, tracked as CVE-2026-41712, specifically affects how Spring AI manages chat memory persistence. When the component's default settings are not explicitly overridden during implementation, user session data may be inadvertently shared or accessible across user boundaries. The risk is particularly acute for applications handling sensitive conversations, customer support interactions, or any system where message confidentiality between users is a baseline requirement.
Organizations using Spring AI for conversational AI features should audit their implementations immediately. Security researchers recommend reviewing chat memory initialization code, verifying that storage isolation is explicitly configured, and confirming that user context boundaries are enforced at the application layer rather than assumed from the framework. Given the framework's growing footprint in enterprise Java environments, the potential attack surface extends to any deployment where developers relied on default behaviors without customized hardening. Patch status and official remediation guidance from Spring AI should be tracked closely as the situation develops.
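The article does not name the specific setting involved, so the following is an added illustration of the application-layer isolation it recommends, not Spring AI's own code or the official fix: a wrapper that namespaces every conversation id by the authenticated user and refuses any id outside that namespace, so a forgotten per-user id (and any framework-wide default id) fails closed instead of serving another user's history. It assumes the Spring AI 1.0 `ChatMemory` interface (`add`/`get`/`clear` keyed by a conversation id string) and a caller-supplied `Supplier<String>` for the current user id; both are assumptions.

```java
import java.util.List;
import java.util.function.Supplier;

import org.springframework.ai.chat.memory.ChatMemory;
import org.springframework.ai.chat.messages.Message;

/**
 * Wraps a ChatMemory so every conversation id must carry the caller's own
 * user id as a prefix. Added example, not Spring AI code; the ChatMemory
 * signatures below are assumed from Spring AI 1.0.
 */
public final class UserScopedChatMemory implements ChatMemory {

    private final ChatMemory delegate;
    private final Supplier<String> currentUserId; // e.g. read from the security context

    public UserScopedChatMemory(ChatMemory delegate, Supplier<String> currentUserId) {
        this.delegate = delegate;
        this.currentUserId = currentUserId;
    }

    /** The only id form a user may use: "<userId>:<conversation>". Use this at the call site. */
    public static String scopedId(String userId, String conversation) {
        if (userId == null || userId.isBlank() || userId.contains(":")) {
            throw new IllegalArgumentException("invalid user id");
        }
        return userId + ":" + conversation;
    }

    /** Fail closed: a missing, default or foreign id is never served. */
    private String checked(String conversationId) {
        String user = currentUserId.get();
        if (user == null || user.isBlank()) {
            throw new SecurityException("no authenticated user for chat memory access");
        }
        if (conversationId == null || !conversationId.startsWith(user + ":")) {
            throw new SecurityException("conversation id not owned by current user");
        }
        return conversationId;
    }

    @Override public void add(String conversationId, List<Message> messages) {
        delegate.add(checked(conversationId), messages);
    }

    @Override public List<Message> get(String conversationId) {
        return delegate.get(checked(conversationId));
    }

    @Override public void clear(String conversationId) {
        delegate.clear(checked(conversationId));
    }
}
```

Register the wrapper as the memory bean backing the chat advisor, and build every conversation id with `scopedId(...)` from the authenticated principal; a request that reaches the memory with any other id then throws instead of reading across users.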