MEDIUM | JUNE 09, 2026 | CVE-2026-41701
Correlation IDs for replies in RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to an internal simple counter. Affected Spring Products and Versions: Spring AMQP: 4.0.0 - 4.0.3, 3.2.0 - 3.2.10, 3.1.0 - 3.1.15, 2.4.0 - 2.…
MEDIUM | JUNE 09, 2026 | CVE-2026-41714
Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification. Affected Spring Products…
HIGH | JUNE 09, 2026 | CVE-2026-41695
Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Specifically, an application is vulnerable…
MEDIUM | JUNE 09, 2026 | CVE-2026-41696
Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding (e.g., @Query("{ name : /^\\Q?0\\E$/ }")) perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break…
MEDIUM | JUNE 09, 2026 | CVE-2026-41697
Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). If an application actively wires externally-controlled input into a…
HIGH | JUNE 09, 2026 | CVE-2026-41717
Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all…
MEDIUM | JUNE 09, 2026 | CVE-2026-41711
Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. This issue can occur if an application explicitly exposes an endpoint that accepts Sort…
HIGH | JUNE 09, 2026 | CVE-2026-41716
Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected applications are those using Spring Data features that forward HTTP…
MEDIUM | JUNE 09, 2026 | CVE-2026-41719
A SpEL Injection vulnerability exists in Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. The application is vulnerable if all conditions…
MEDIUM | JUNE 09, 2026 | CVE-2026-41721
Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP…