CVE-2026-41695

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published Jun 10, 2026

Vendor unknown

Description

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14.

References

https://spring.io/security/cve-2026-41695