CVE-2026-41716

CVE-2026-41716 affects Spring Data Commons (versions 2.7.0–2.7.19; 3.3.0–3.3.16; 3.4.0–3.4.14; 3.5.0–3.5.11; 4.0.0–4.0.5). The issue is in Spring Data’s internal property-lookup cache, which accepts and permanently retains attacker-supplied strings as cache keys, enabling heap exhaustion through ...

CVE-2026-41007 Spring HATEOAS heap exhaustion through unbounded internal caching

Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3...