CVE-2026-41711
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.
Risk Assessment
An attacker can send a specially crafted request with a Sort parameter, causing a stack overflow and application crash, resulting in denial of service.
Recommendation
It is recommended to immediately update Spring Data Commons to version 4.0.6, 3.5.12, 3.4.15, 3.3.17, 3.2.16, 3.1.15, 3.0.16, or 2.7.20, depending on the branch used.
Original NVD description (English source)
Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.

