CVE Catalog

CVE-2026-41695

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile - higher than 28% of all known CVEs

Summary

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.

Risk Assessment

An attacker can cause server overload, making the application unavailable and leading to financial losses or service disruption.

Recommendation

Immediately update Spring Data Commons to version 4.0.6, 3.5.12, or 3.4.15 (or later) and restrict trust in user-supplied input.

Original NVD description (English source)

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS