CVE-2026-41697
CVE-2026-41697 affects Spring Data Relational/JDBC/R2DBC across multiple versions (4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14; 3.3.0–3.3.16; 3.2.0–3.2.15; 3.1.0–3.1.14; 3.0.0–3.0.15; 2.4.0–2.4.19). The root cause is improper escaping of binding values for StringMatcher (STARTING, ENDING, CONTAINING)...
CVE-2026-41696
Spring Data MongoDB CVE-2026-41696 affects multiple versions (5.0.0–5.0.5; 4.5.0–4.5.11; 4.4.0–4.4.14; 4.3.0–4.3.16; 4.2.0–4.2.15; 4.1.0–4.1.14; 4.0.0–4.0.15; 3.4.0–3.4.19). The issue is insufficient validation of bound parameters in repository query methods annotated with @Query that use regex b...
CVE-2026-41696 Spring Data MongoDB Bind Parameter Literal Quoting Breakout
Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...
CVE-2026-41695 Denial of Service in Spring Data Commons Property Path Resolution
Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...
EUVD-2026-35891
Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...
CVE-2026-41695
Spring Data Commons contains a Denial of Service risk (CVE-2026-41695) caused by resource exhaustion during property path resolution in MappingContext. Affected versions are Spring Data Commons 4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14. The provided documents describe the issue and affected release...
CVE-2026-41696: Spring Data MongoDB Bind Parameter Literal Quoting Breakout
Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding (e.g., @Query("{ name : /^\Q?0\E$/ }")) perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. When the...
CVE-2026-41721: Spring Data Commons Denial of Service via Data Binding
Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate...
CVE-2026-41728: Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collections
Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected applications are those whose domain model includes an embeddable object, collection, or map property...
CVE-2026-41729: Spring Data REST SpEL Injection via Map Key in JSON Patch
Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL...
CVE-2026-41837: Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys
Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl...
CVE-2026-41695: Denial of Service in Spring Data Commons Property Path Resolution
Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Specifically, an application is vulnerable when all of the following are true: Spring Data...
CVE-2026-41716: Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names
Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected applications are those using Spring Data features that forward HTTP-supplied strings to PropertyPath.from without prio...
CVE-2026-41717: Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding
Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. The application is vulnerable if all conditions...
CVE-2026-41719: Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator
A SpEL Injection vulnerability exists in Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. The application is vulnerable if all conditions below are true:...
CVE-2026-41730: Spring Data REST exposes persistence-layer internals in error responses
Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected applications are those that expose a Spring Data REST repository backed by a relational (JDBC/JPA) store and do not apply additional...
CVE-2026-41697: Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern
Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). If an application actively wires externally-controlled input into a QBE probe, an attacker can supply wildcard characters...
CVE-2026-41711: Potential Denial of Service through crafted Sort Parameters
Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. This issue can occur if an application explicitly exposes an endpoint that accepts Sort parameters from untrusted sources and passes them on...