Potential Denial of Service through crafted Sort Parameters_CVE-2026-41711

5.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.

Affected versions:
Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.

Basic Information

ID CVE-2026-41711

Source vmware

Published Jun 9, 2026 at 23:48

Affected Product

Vendor Spring

Product Spring Data Commons

Version 4.0.0

Affected Versions Spring Spring Data Commons 4.0.0
Spring Spring Data Commons 3.5.0
Spring Spring Data Commons 3.4.0
Spring Spring Data Commons 3.3.0
Spring Spring Data Commons 3.2.0
Spring Spring Data Commons 3.1.0
Spring Spring Data Commons 3.0.0
Spring Spring Data Commons 2.7.0

CWE Classification

CWE-400

References

spring.io /security/cve-2026-41711

{
    "lastseen": "",
    "description": "Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters.\n\nAffected versions:\nSpring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19.",
    "published": "2026-06-09T23:48:12.215Z",
    "modified": "2026-06-09T23:48:12.215Z",
    "type": "cve",
    "title": "Potential Denial of Service through crafted Sort Parameters",
    "source": "vmware",
    "references": "https://spring.io/security/cve-2026-41711",
    "id": "CVE-2026-41711",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400"
    ],
    "cvelist": null,
    "sourceData": "Spring Spring Data Commons 4.0.0\nSpring Spring Data Commons 3.5.0\nSpring Spring Data Commons 3.4.0\nSpring Spring Data Commons 3.3.0\nSpring Spring Data Commons 3.2.0\nSpring Spring Data Commons 3.1.0\nSpring Spring Data Commons 3.0.0\nSpring Spring Data Commons 2.7.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Spring Data Commons",
    "version": "4.0.0",
    "vendor": "Spring",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}