CVE Catalog

CVE-2026-41730

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

A vulnerability in Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients.

Risk Assessment

The risk involves potential leakage of sensitive information about database structure, queries, or configuration, which could facilitate attacks on the application.

Recommendation

It is recommended to immediately upgrade Spring Data REST to version 3.7.20, 4.3.17, 4.4.15, 4.5.12, or 5.0.6, depending on the branch in use.

Original NVD description (English source)

Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS