CVE-2026-41719

Updated on 09 Jun 2026

Severity

6.4 Medium severity

Details

CVSS score: 6.4
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L

Overview

About vulnerability

Description

A SpEL injection vulnerability exists in Spring Data KeyValue when unsanitized user input is passed as a Sort into a repository query method that delegates evaluation to the SpelPropertyComparator.

The application is vulnerable if all conditions below are true:

  1. The SpelPropertyComparator is used for sorting.
  2. The method is exposed to untrusted input (e.g. via a custom REST endpoint).
  3. Unsanitized user input is directly passed to the method.
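The pattern the three conditions describe, beside a hardened form, as an added example that is not part of this advisory or of the Spring Data project's own code: the entity, repository and endpoint names (Person, PersonRepository, /people) are hypothetical, and the allowlist of sortable properties is an assumption for illustration. Upgrading to a fixed version is the mitigation; restricting sort properties to known field names removes condition 3 (unsanitized input reaching the method) for code that has not yet upgraded.

```java
import java.util.List;
import java.util.Set;

import org.springframework.data.domain.Sort;
import org.springframework.data.keyvalue.repository.KeyValueRepository;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

// Hypothetical entity and repository (not from the advisory). The derived query
// takes a Sort, which Spring Data KeyValue evaluates when ordering the results.
class Person {
    String lastname;
    String firstname;
    int age;
}

interface PersonRepository extends KeyValueRepository<Person, String> {
    List<Person> findByLastname(String lastname, Sort sort);
}

@RestController
class PersonController {

    // Assumed allowlist: the only property names a caller may order by.
    static final Set<String> SORTABLE = Set.of("lastname", "firstname", "age");

    private final PersonRepository repository;

    PersonController(PersonRepository repository) {
        this.repository = repository;
    }

    // VULNERABLE PATTERN (all three conditions hold): the raw ?sort= query
    // parameter becomes a Sort property and reaches the repository unchanged,
    // so whatever text the caller sent is what the comparator evaluates.
    @GetMapping("/people/unsafe")
    List<Person> unsafe(@RequestParam String lastname, @RequestParam String sort) {
        return repository.findByLastname(lastname, Sort.by(sort));
    }

    // HARDENED PATTERN: the property name is checked against the allowlist and
    // the direction is parsed with Spring's own parser before a Sort is built.
    @GetMapping("/people")
    List<Person> safe(@RequestParam String lastname,
                      @RequestParam(defaultValue = "lastname") String sort,
                      @RequestParam(defaultValue = "asc") String dir) {
        return repository.findByLastname(lastname, toSort(sort, dir));
    }

    // Builds a Sort only from an allowlisted property and a valid direction;
    // anything else is rejected with 400 rather than forwarded to the repository.
    static Sort toSort(String property, String direction) {
        if (!SORTABLE.contains(property)) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "unsupported sort property");
        }
        Sort.Direction d = Sort.Direction.fromOptionalString(direction)
                .orElseThrow(() -> new ResponseStatusException(HttpStatus.BAD_REQUEST,
                        "unsupported sort direction"));
        return Sort.by(d, property);
    }

    // Same check for a Sort that was already bound from the request (for example
    // by Spring Data's web support): every Order must name an allowlisted property.
    static Sort requireAllowed(Sort requested) {
        List<Sort.Order> rejected = requested.stream()
                .filter(o -> !SORTABLE.contains(o.getProperty()))
                .toList();
        if (!rejected.isEmpty()) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST,
                    "unsupported sort property: " + rejected.get(0).getProperty());
        }
        return requested;
    }
}
```

The allowlist is deliberately a fixed set of field names rather than a character filter: a filter has to anticipate every syntax the comparator might accept, whereas a fixed set lets the application decide which properties are sortable and never passes caller-controlled text through as an expression. Reviewing an application for this issue means finding every path from request parameters to a Sort (including Sort arguments bound automatically by Spring Data's web support) and confirming each one goes through a check like toSort or requireAllowed.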

Affected Spring Products and Versions

Spring Data KeyValue:

  • 4.0.0 to 4.0.5
  • 3.5.0 to 3.5.11
  • 3.4.0 to 3.4.14
  • 3.3.0 to 3.3.16
  • 3.2.0 to 3.2.15
  • 3.1.0 to 3.1.14
  • 3.0.0 to 3.0.15
  • 2.7.0 to 2.7.19
  • older unsupported versions

Spring Data Redis (through Spring Data KeyValue):

  • 4.0.0 to 4.0.5
  • 3.5.0 to 3.5.11
  • 3.4.0 to 3.4.14
  • 3.3.0 to 3.3.16
  • 3.2.0 to 3.2.15
  • 3.1.0 to 3.1.14
  • 3.0.0 to 3.0.15
  • 2.7.0 to 2.7.19
  • older unsupported versions

Mitigation

Users of affected versions should upgrade to the corresponding fixed version of Spring Data KeyValue.

Affected version(s)   Fix version   Availability
4.0.x                 4.0.6         OSS
3.5.x                 3.5.12        OSS
3.4.x                 3.4.15        Enterprise Support Only
3.3.x                 3.3.17        Enterprise Support Only
2.7.x                 2.7.20        Enterprise Support Only

History

  • 2026-06-09: Initial vulnerability report published.

Details

Affected product: Spring
Affected packages: Spring Data @ 2.7.18 (+77 more)
