CVE-2026-41713 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: May 12, 2026
Advisor - Stored XSS
Overview
Affected advisor contains a stored injection vulnerability caused by malicious user input stored in conversation memory, letting attackers manipulate model behavior across conversation turns, exploit requires user-controlled input.
Severity & Score
Impact
Attackers can manipulate model behavior across conversation turns, potentially causing unauthorized actions or data exposure.
Mitigation
Update to the latest version with input validation and sanitization.
References
Social Media Activity(2 posts)
š CVE-2026-41713 - High (8.2) A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavi... š https://www.thehackerwire.com/vulnerability/CVE-2026-41713/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-41713 - High (8.2) A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavi... š https://www.thehackerwire.com/vulnerability/CVE-2026-41713/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-41713
- Severity
- High
- CVSS Score
- 8.2
- Type
- stored_xss
- Status
- confirmed
- EPSS
- 3.3%
- Social Posts
- 2
CWE
- CWE-1336
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N