MEDIUM | JUNE 09, 2026 | CVE-2026-40993
Description An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or…
HIGH | JUNE 09, 2026 | CVE-2026-41003
Description An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected Spring Products and Versions Spring Security: 5.7.0 - 5.7.23 5.8.0 - 5.8.25 6.3.0 - 6.…
MEDIUM | JUNE 09, 2026 | CVE-2026-41008
Description Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated…
LOW | JUNE 09, 2026 | CVE-2026-41694
Description Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption…
HIGH | JUNE 09, 2026 | CVE-2026-41695
Description Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Specifically, an application is vulnerable…
MEDIUM | JUNE 09, 2026 | CVE-2026-41696
Description Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding (e.g., @Query("{ name : /^\\Q?0\\E$/ }")) perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break…
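Added illustration (not code from Spring Data or the advisory): the breakout mechanism behind the regex-binding entry above. The template `/^\Q?0\E$/` relies on `\Q...\E` to make the bound value literal, but a value that itself contains `\E` terminates the literal block early. The `naivePattern` string concatenation stands in for the `?0` substitution, and `Pattern.quote()` is one application-side way to close the hole; the project's own fix is not shown on this page.

```java
import java.util.regex.Pattern;

public class RegexBindingBreakout {

    // Stand-in for the advisory's template "{ name : /^\Q?0\E$/ }" with ?0 spliced in verbatim.
    // Assumption: the bound value reaches the regex engine unchanged.
    static String naivePattern(String bound) {
        return "^\\Q" + bound + "\\E$";
    }

    // Assumed mitigation: Pattern.quote() closes and reopens the literal block around any
    // embedded "\E", so the bound value can never end quoting on its own.
    static String quotedPattern(String bound) {
        return "^" + Pattern.quote(bound) + "$";
    }

    static boolean matches(String regex, String candidate) {
        return Pattern.compile(regex).matcher(candidate).matches();
    }

    static void expect(boolean condition, String message) {
        if (!condition) {
            throw new AssertionError(message);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a document name the caller should only reach by exact match.
        String victim = "admin";

        // Benign lookup keeps exact-match semantics.
        expect(!matches(naivePattern("alice"), victim), "benign value must not match a different name");

        // Crafted value: "\E" ends the literal block, ".*" becomes a live metacharacter, and a
        // trailing "\Q" reopens quoting so the template's own "\E$" still parses.
        String crafted = "\\E.*\\Q";
        expect(matches(naivePattern(crafted), victim), "naive template lets the crafted value match any name");

        // The same crafted value through Pattern.quote() stays a literal string.
        expect(!matches(quotedPattern(crafted), victim), "quoted template must not match a different name");
        expect(matches(quotedPattern(crafted), crafted), "quoted template matches only the literal value");

        System.out.println("naive:  " + naivePattern(crafted));
        System.out.println("quoted: " + quotedPattern(crafted));
    }
}
```

Run it with `javac RegexBindingBreakout.java && java RegexBindingBreakout`; an `AssertionError` would mean the regex engine behaves differently from what the comments describe. The practical check for an application is to grep repository interfaces for `@Query` strings containing `\\Q` or `$regex` with a `?n` placeholder and confirm that every bound value is either validated against a strict allow-list or quoted by a routine that handles an embedded `\E`.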
MEDIUM | JUNE 09, 2026 | CVE-2026-41697
Description Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). If an application actively wires externally-controlled input into a…
MEDIUM | JUNE 09, 2026 | CVE-2026-41714
Description Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification. Affected Spring Products…
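Added example (not the project's code): the weak and corrected forms of the `RabbitConnectionFactoryBean` configuration the entry above describes, side by side. The broker URI and vhost are made up; `setUseSSL(true)` is the call the description names as missing, and `setEnableHostnameVerification(true)` is a documented Spring AMQP setter added here as extra hardening rather than something the description itself mentions. Whether a trust store also needs to be configured depends on the deployment, so check the full advisory for the affected versions and the project's own guidance.

```java
import org.springframework.amqp.rabbit.connection.RabbitConnectionFactoryBean;

public class AmqpsConnectionConfig {

    // Constructed broker address; %2F is the URL-encoded default vhost "/".
    static final String BROKER_URI = "amqps://broker.example.internal:5671/%2F";

    // Weak form: the amqps scheme switches TLS on, but per the description above this
    // path applies neither certificate validation nor hostname verification.
    static RabbitConnectionFactoryBean weak() {
        RabbitConnectionFactoryBean factoryBean = new RabbitConnectionFactoryBean();
        factoryBean.setUri(BROKER_URI);
        return factoryBean;
    }

    // Corrected form: setUseSSL(true) routes the connection through the bean's own TLS
    // setup. Hostname verification is enabled explicitly as an assumed extra safeguard.
    static RabbitConnectionFactoryBean hardened() {
        RabbitConnectionFactoryBean factoryBean = new RabbitConnectionFactoryBean();
        factoryBean.setUri(BROKER_URI);
        factoryBean.setUseSSL(true);
        factoryBean.setEnableHostnameVerification(true);
        return factoryBean;
    }

    public static void main(String[] args) throws Exception {
        // Building the hardened bean is enough to show the configuration compiles;
        // afterPropertiesSet() would open the connection and is left to the application.
        RabbitConnectionFactoryBean hardened = hardened();
        System.out.println("hardened factory bean configured for " + BROKER_URI);
    }
}
```

A quick audit for this issue is to search the code base and any externalized configuration for `amqps://` and confirm that every `RabbitConnectionFactoryBean` built from such a URI also calls `setUseSSL(true)`; a connection that succeeds against a broker presenting a self-signed or wrong-name certificate is the symptom of the weak form.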
HIGH | JUNE 09, 2026 | CVE-2026-41716
Description Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected applications are those using Spring Data features that forward HTTP…
MEDIUM | JUNE 09, 2026 | CVE-2026-41711
Description Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. This issue can occur if an application explicitly exposes an endpoint that accepts Sort…