CVE-2026-41719

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

CVE-2026-41719

Technical details about CVE-2026-41719 are not publicly available in the provided documents. Monitor for updates from official advisories; no specifics on affected products, vectors, or fixes are provided here.

SpEL Injection Attacks

spring-data-mongodb is vulnerable to Spring Expression Language SpEL injection. The vulnerability exists due to the non-sanitized input in the repository query method, allowing an attacker to inject and execute malicious SpEL to the repository query method when it is annotated with @Query or...

Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)

Updates 06-20 CVE-2022-22980 is published 06-20 Spring Data MongoDB 3.4.1 and 3.3.5 are available Table of Contents Overview Vulnerability Am I Impacted Status Suggested Workarounds Overview We would like to announce that we have released Spring Data MongoDB 3.4.1 and 3.3.5 to address the followi...