CVE Catalog

CVE-2026-41711

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile - higher than 20% of all known CVEs

Summary

Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.

Risk Assessment

An attacker can send a specially crafted request with a Sort parameter, causing a stack overflow and application crash, resulting in denial of service.

Recommendation

It is recommended to immediately update Spring Data Commons to version 4.0.6, 3.5.12, 3.4.15, 3.3.17, 3.2.16, 3.1.15, 3.0.16, or 2.7.20, depending on the branch used.

Original NVD description (English source)

Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS