CVE-2026-41695
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.
Risk Assessment
An attacker can cause server overload, making the application unavailable and leading to financial losses or service disruption.
Recommendation
Immediately update Spring Data Commons to version 4.0.6, 3.5.12, or 3.4.15 (or later) and restrict trust in user-supplied input.
Original NVD description (English source)
Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14.

