CVE-2026-41730
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
A vulnerability in Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients.
Risk Assessment
The risk involves potential leakage of sensitive information about database structure, queries, or configuration, which could facilitate attacks on the application.
Recommendation
It is recommended to immediately upgrade Spring Data REST to version 3.7.20, 4.3.17, 4.4.15, 4.5.12, or 5.0.6, depending on the branch in use.
Original NVD description (English source)
Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.

