Spring Data MongoDB Bind Parameter Literal Quoting Breakout_CVE-2026-41696

5.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting.

Affected versions:
Spring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15; 4.1.0 through 4.1.14; 4.0.0 through 4.0.15; 3.4.0 through 3.4.19.

Basic Information

ID CVE-2026-41696

Source vmware

Published Jun 9, 2026 at 23:47

Affected Product

Vendor Spring

Product Spring Data MongoDB

Version 5.0.0

Affected Versions Spring Spring Data MongoDB 5.0.0
Spring Spring Data MongoDB 4.5.0
Spring Spring Data MongoDB 4.4.0
Spring Spring Data MongoDB 4.3.0
Spring Spring Data MongoDB 4.2.0
Spring Spring Data MongoDB 4.1.0
Spring Spring Data MongoDB 4.0.0
Spring Spring Data MongoDB 3.4.0

CWE Classification

CWE-943

References

spring.io /security/cve-2026-41696

{
    "lastseen": "",
    "description": "Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting.\n\nAffected versions:\nSpring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15; 4.1.0 through 4.1.14; 4.0.0 through 4.0.15; 3.4.0 through 3.4.19.",
    "published": "2026-06-09T23:47:37.883Z",
    "modified": "2026-06-09T23:47:37.883Z",
    "type": "cve",
    "title": "Spring Data MongoDB Bind Parameter Literal Quoting Breakout",
    "source": "vmware",
    "references": "https://spring.io/security/cve-2026-41696",
    "id": "CVE-2026-41696",
    "bulletinFamily": "",
    "cwe": [
        "CWE-943"
    ],
    "cvelist": null,
    "sourceData": "Spring Spring Data MongoDB 5.0.0\nSpring Spring Data MongoDB 4.5.0\nSpring Spring Data MongoDB 4.4.0\nSpring Spring Data MongoDB 4.3.0\nSpring Spring Data MongoDB 4.2.0\nSpring Spring Data MongoDB 4.1.0\nSpring Spring Data MongoDB 4.0.0\nSpring Spring Data MongoDB 3.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Spring Data MongoDB",
    "version": "5.0.0",
    "vendor": "Spring",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}