Spring Data MongoDB

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-41717	Spring Projects Spring Data MongoDB	Hig	0.53	8.1	0.00		Jun 10, 2026	Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring…
CVE-2026-41696	Spring Projects Spring Data MongoDB	Med	0.38	5.9	0.00		Jun 10, 2026	Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring…

CVE-2026-41717HigJun 10, 2026
Spring Projects
Spring Data MongoDB
risk 0.53cvss 8.1epss 0.00
Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring…
CVE-2026-41696MedJun 10, 2026
Spring Projects
Spring Data MongoDB
risk 0.38cvss 5.9epss 0.00
Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring…