Spring Data web support unbounded negative-result cache keyed on attacker-supplied...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.

Affected versions:
Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5.

Basic Information

ID CVE-2026-41716

Source vmware

Published Jun 9, 2026 at 23:48

Affected Product

Vendor Spring

Product Spring Data Commons

Version 2.7.0

Affected Versions Spring Spring Data Commons 2.7.0
Spring Spring Data Commons 3.3.0
Spring Spring Data Commons 3.4.0
Spring Spring Data Commons 3.5.0
Spring Spring Data Commons 4.0.0

CWE Classification

CWE-770

References

spring.io /security/cve-2026-41716

{
    "lastseen": "",
    "description": "Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests.\n\nAffected versions:\nSpring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14; 3.5.0 through 3.5.11; 4.0.0 through 4.0.5.",
    "published": "2026-06-09T23:48:20.282Z",
    "modified": "2026-06-09T23:48:20.282Z",
    "type": "cve",
    "title": "Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names",
    "source": "vmware",
    "references": "https://spring.io/security/cve-2026-41716",
    "id": "CVE-2026-41716",
    "bulletinFamily": "",
    "cwe": [
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "Spring Spring Data Commons 2.7.0\nSpring Spring Data Commons 3.3.0\nSpring Spring Data Commons 3.4.0\nSpring Spring Data Commons 3.5.0\nSpring Spring Data Commons 4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Spring Data Commons",
    "version": "2.7.0",
    "vendor": "Spring",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names_CVE-2026-41716