PatchSiren cyber security CVE debrief
CVE-2026-41711 Spring CVE debrief
A Denial of Service (DoS) vulnerability was discovered in Spring Data Commons, which can be exploited to cause a StackOverflowException when parsing Sort parameters. This vulnerability affects multiple versions of Spring Data Commons, including 4.0.0 through 4.0.5, 3.5.0 through 3.5.11, 3.4.0 through 3.4.14, 3.3.0 through 3.3.16, 3.2.0 through 3.2.15, 3.1.0 through 3.1.14, 3.0.0 through 3.0.15, and 2.7.0 through 2.7.19.
- Vendor: Spring
- Product: Spring Data Commons
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-10
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-10
Who should care
Developers and administrators using affected versions of Spring Data Commons should prioritize patching to prevent potential DoS attacks.
Technical summary
The vulnerability has a CVSS score of 5.9 and is classified as MEDIUM severity. It can be exploited remotely without authentication, and its successful exploitation can lead to a denial of service.
Defensive priority
High
Recommended defensive actions
- Upgrade to a patched version of Spring Data Commons.
- Review and update affected applications to use secure versions of Spring Data Commons.
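To find which builds need the upgrade, the affected ranges listed in this debrief can be checked against `mvn dependency:tree` output. This is an added example, not code from Spring or from this debrief; it assumes the Maven coordinate `org.springframework.data:spring-data-commons`, and the function names and sample tree are constructed for illustration.

```python
import re

# Affected ranges copied from the debrief text (inclusive on both ends).
AFFECTED = [
    ((4, 0, 0), (4, 0, 5)), ((3, 5, 0), (3, 5, 11)), ((3, 4, 0), (3, 4, 14)),
    ((3, 3, 0), (3, 3, 16)), ((3, 2, 0), (3, 2, 15)), ((3, 1, 0), (3, 1, 14)),
    ((3, 0, 0), (3, 0, 15)), ((2, 7, 0), (2, 7, 19)),
]

# Assumed coordinate layout in dependency:tree output:
# group:artifact:packaging:version[:scope]
COORD = re.compile(r"org\.springframework\.data:spring-data-commons:[\w-]+:([^:\s]+)")

def parse_version(text):
    """Return (major, minor, patch), or None if the text has no numeric version.
    Qualifiers such as -SNAPSHOT are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version_text):
    """True if inside a listed range, False if outside, None if unparseable.
    False means "not in the listed ranges" only: the debrief names no fixed
    versions and says nothing about releases older than 2.7.0."""
    v = parse_version(version_text)
    if v is None:
        return None
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def scan_dependency_tree(tree_text):
    """Return [(version, status)] for every spring-data-commons line found."""
    findings = []
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if m:
            findings.append((m.group(1), is_affected(m.group(1))))
    return findings

# Constructed sample: dependency:tree output of two hypothetical modules.
SAMPLE_TREE = """\
[INFO] com.example:orders-service:jar:1.0.0
[INFO] +- org.springframework.data:spring-data-jpa:jar:3.2.5:compile
[INFO] |  +- org.springframework.data:spring-data-commons:jar:3.2.5:compile
[INFO] com.example:legacy-module:jar:0.9.0
[INFO] +- org.springframework.data:spring-data-commons:jar:2.6.10:runtime
"""

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "not in listed ranges", None: "unparseable"}
    for version, status in scan_dependency_tree(SAMPLE_TREE):
        print(f"spring-data-commons {version}: {labels[status]}")
```

Transitive copies pulled in through other Spring Data modules are the usual way this library enters a build, so scan the resolved tree rather than the direct dependencies declared in the POM.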
Evidence notes
The CVE record was published on June 10, 2026, and last modified on June 10, 2026. The vulnerability is tracked under CWE-400.
Official resources
- CVE-2026-41711 CVE record (CVE.org)
- CVE-2026-41711 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-41711 was published on 2026-06-10T00:16:51.337Z.