CVE-2026-41729
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk19th percentile - higher than 19% of all known CVEs
Summary
Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch requests. The map key is embedded directly into a SpEL expression without sanitization or validation.
Risk Assessment
An attacker could exploit this vulnerability to execute unauthorized code, potentially leading to data integrity breaches or information disclosure.
Recommendation
It is recommended to upgrade to the latest version of Spring Data REST to mitigate this vulnerability and implement additional input validation mechanisms.
Original NVD description (English source)
Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expression without sanitization or validation. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.

