CVE-2026-41730
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CVSS: 5.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-209
Description
Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5.
Source: NVD
Related CVEs
Same CWE
- CVE-2025-52611 — HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability (3.1 LOW)
- CVE-2025-52606 — HCL iControl was affected by Weak Input Validation vulnerability (4.3 MEDIUM)
- CVE-2026-9794 — A flaw was found in Keycloak (5.3 MEDIUM)
- CVE-2026-42459 — free5GC is an open-source implementation of the 5G core network (7.5 HIGH)
- CVE-2026-1248 — IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages (4.3 MEDIUM)