CVE-2026-41732

CVE-2026-41732 affects Spring for Apache Pulsar due to JsonPulsarHeaderMapper using a prefix-based check on trusted packages, causing trust to cascade to subpackages. An empty trusted-packages config can default to trusting all packages. This exposes potential deserialization risk by allowing acc...