Spring Data REST exposes persistence-layer internals in error responses

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients.

Affected versions:
Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.

Basic Information

ID CVE-2026-41730

Source vmware

Published Jun 9, 2026 at 23:49

Affected Product

Vendor Spring

Product Spring Data REST

Version 3.7.0

Affected Versions Spring Spring Data REST 3.7.0
Spring Spring Data REST 4.3.0
Spring Spring Data REST 4.4.0
Spring Spring Data REST 4.5.0
Spring Spring Data REST 5.0.0

CWE Classification

CWE-209

References

spring.io /security/cve-2026-41730

{
    "lastseen": "",
    "description": "Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.",
    "published": "2026-06-09T23:49:21.572Z",
    "modified": "2026-06-09T23:49:21.572Z",
    "type": "cve",
    "title": "Spring Data REST exposes persistence-layer internals in error responses",
    "source": "vmware",
    "references": "https://spring.io/security/cve-2026-41730",
    "id": "CVE-2026-41730",
    "bulletinFamily": "",
    "cwe": [
        "CWE-209"
    ],
    "cvelist": null,
    "sourceData": "Spring Spring Data REST 3.7.0\nSpring Spring Data REST 4.3.0\nSpring Spring Data REST 4.4.0\nSpring Spring Data REST 4.5.0\nSpring Spring Data REST 5.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Spring Data REST",
    "version": "3.7.0",
    "vendor": "Spring",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Spring Data REST exposes persistence-layer internals in error responses_CVE-2026-41730