AIKIDO-2026-11172

spring-data-rest-core is vulnerable to Generation of Error Message Containing Sensitive Information

Generation of Error Message Containing Sensitive Information

CVE-2026-41730

Published Today

53

Medium Risk

This Affects:

Java: spring-data-rest-core
0.0.1 - 3.7.19: fixed in 3.7.20
4.0.0 - 4.3.16: fixed in 4.3.17
4.4.0 - 4.4.14: fixed in 4.4.15
4.5.0 - 4.5.11: fixed in 4.5.12
5.0.0 - 5.0.5: fixed in 5.0.6

TL;DR

Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

spring-data-rest-core is vulnerable to Generation of Error Message Containing Sensitive Information in versions 0.0.1 - 3.7.19, 4.0.0 - 4.3.16, 4.4.0 - 4.4.14, 4.5.0 - 4.5.11 and 5.0.0 - 5.0.5.

How to fix this

Upgrade the org.springframework.data:spring-data-rest-core library to the patched version for your release line (3.7.20, 4.3.17, 4.4.15, 4.5.12 or 5.0.6). Affected applications are those that expose a Spring Data REST repository backed by a relational (JDBC/JPA) store and do not apply additional error-handling configuration or a Spring Security access policy that prevents unauthenticated access to the affected endpoints.
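
One way to check a build against the affected ranges listed in this advisory, as an added example that is not part of the advisory itself: the script scans `mvn dependency:tree` output for the artifact and reports the fixed version for each affected occurrence. The sample tree and its module names are constructed, and ignoring qualifiers such as `.RELEASE` or `-SNAPSHOT` when comparing versions is an assumption of this example.

```python
import re

# Affected ranges and fixed versions exactly as listed in this advisory.
AFFECTED = [
    ((0, 0, 1), (3, 7, 19), "3.7.20"),
    ((4, 0, 0), (4, 3, 16), "4.3.17"),
    ((4, 4, 0), (4, 4, 14), "4.4.15"),
    ((4, 5, 0), (4, 5, 11), "4.5.12"),
    ((5, 0, 0), (5, 0, 5), "5.0.6"),
]
ARTIFACT = "org.springframework.data:spring-data-rest-core"
# Matches group:artifact:packaging:version[:scope] as printed by `mvn dependency:tree`.
COORD = re.compile(re.escape(ARTIFACT) + r":[\w.-]+:([^:\s]+)")


def parse_version(text):
    """Return (major, minor, patch) from the leading numeric parts, or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(p or 0) for p in m.groups()) if m else None


def fixed_version_for(version_text):
    """Return the version to upgrade to, or None if outside every listed range."""
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED:
        if v is not None and low <= v <= high:
            return fixed
    return None


def scan_dependency_tree(tree_text):
    """Return [(found_version, fixed_version)] for each affected occurrence."""
    hits = ((v, fixed_version_for(v)) for v in COORD.findall(tree_text))
    return [(v, fixed) for v, fixed in hits if fixed]


# Constructed sample of multi-module `mvn dependency:tree` output (not a real project).
SAMPLE = r"""[INFO] com.example:orders:jar:1.0.0
[INFO] \- org.springframework.data:spring-data-rest-core:jar:4.4.1:compile
[INFO] com.example:billing:jar:1.0.0
[INFO] \- org.springframework.data:spring-data-rest-core:jar:4.4.15:compile
[INFO] com.example:legacy:jar:1.0.0
[INFO] \- org.springframework.data:spring-data-rest-core:jar:3.3.9.RELEASE:compile
"""

if __name__ == "__main__":
    for found, fixed in scan_dependency_tree(SAMPLE):
        print(f"{ARTIFACT}:{found} is affected; upgrade to {fixed}")
```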