EUVD-2026-35910

🗓️ 10 Jun 2026 00:31:52Reported by EUVDType

Querydsl filters may expose arbitrary property paths by ignoring Jackson in Spring Data REST.

Reporter	Title	Published	Views	Family All 5
Circl	CVE-2026-41837	10 Jun 202600:50	–	circl
CVE	CVE-2026-41837	9 Jun 202623:49	–	cve
Cvelist	CVE-2026-41837 Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys	9 Jun 202623:49	–	cvelist
NVD	CVE-2026-41837	10 Jun 202600:16	–	nvd
Positive Technologies	PT-2026-48329	9 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "db58f3f5-fb53-310e-be24-cba400a0b7ea",
        "vendor": {
          "name": "Spring"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0edb97a9-bb1d-35c3-b000-edfc6b7659b4",
        "product": {
          "name": "Spring Data REST",
          "vendor": {
            "name": "n/a"
          }
        },
        "product_version": "4.3.0 <4.3.17"
      },
      {
        "id": "4b1b9c55-aa16-3570-aed8-b20418bc9c16",
        "product": {
          "name": "Spring Data REST",
          "vendor": {
            "name": "n/a"
          }
        },
        "product_version": "5.0.0 <5.0.6"
      },
      {
        "id": "6bc37465-bc17-3668-bcf8-81a3f44e5a0f",
        "product": {
          "name": "Spring Data REST",
          "vendor": {
            "name": "n/a"
          }
        },
        "product_version": "3.7.0 <3.7.20"
      },
      {
        "id": "86aaadc9-f104-350a-9f29-67662daf1776",
        "product": {
          "name": "Spring Data REST",
          "vendor": {
            "name": "n/a"
          }
        },
        "product_version": "4.5.0 <4.5.12"
      },
      {
        "id": "e9b0c5c8-1d65-302f-bd66-7051eead88d3",
        "product": {
          "name": "Spring Data REST",
          "vendor": {
            "name": "n/a"
          }
        },
        "product_version": "4.4.0 <4.4.15"
      }
    ]
  }
]

Source	Link
spring	www.spring.io/security/cve-2026-41837
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-41837

10 Jun 2026 00:31Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.3