CVE Catalog

CVE-2026-41729

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile - higher than 19% of all known CVEs

Summary

Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch requests. The map key is embedded directly into a SpEL expression without sanitization or validation.

Risk Assessment

An attacker could exploit this vulnerability to execute unauthorized code, potentially leading to data integrity breaches or information disclosure.

Recommendation

It is recommended to upgrade to the latest version of Spring Data REST to mitigate this vulnerability and implement additional input validation mechanisms.

Original NVD description (English source)

Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expression without sanitization or validation. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS