Intel

AIKIDO-2026-11180

spring-data-mongodb is vulnerable to Improper Neutralization of Special Elements in Data Query Logic

Improper Neutralization of Special Elements in Data Query Logic
CVE-2026-41696
Published Today

59

Medium Risk

This Affects:

Java: spring-data-mongodb
0.0.0 - 3.4.19 (fixed in 3.4.20)
4.0.0 - 4.3.16 (fixed in 4.3.17)
4.4.0 - 4.4.14 (fixed in 4.4.15)
4.5.0 - 4.5.11 (fixed in 4.5.12)
5.0.0 - 5.0.5 (fixed in 5.0.6)

TL;DR

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding (e.g., @Query("{ name : /^\Q?0\E$/ }")) perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. When the repository is exposed to untrusted sources (e.g. via spring-data-rest), this can lead to unauthorized data exposure or bypass of intended query filters.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

spring-data-mongodb is vulnerable to Improper Neutralization of Special Elements in Data Query Logic in versions 0.0.0 - 3.4.19, 4.0.0 - 4.3.16, 4.4.0 - 4.4.14, 4.5.0 - 4.5.11 and 5.0.0 - 5.0.5.

How to fix this

Upgrade the org.springframework.data:spring-data-mongodb library to the patched version for your release line: 3.4.20, 4.3.17, 4.4.15, 4.5.12 or 5.0.6.
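As an added example (not code from Spring Data or from this advisory), the binding pattern from the TL;DR is shown beside two hardened alternatives that do not splice the raw parameter into a regex literal; the Person document, the people collection, and the PersonRepository and PersonSearch names are assumptions:

```java
import java.util.List;
import java.util.regex.Pattern;

import org.springframework.data.annotation.Id;
import org.springframework.data.mongodb.core.MongoTemplate;
import org.springframework.data.mongodb.core.mapping.Document;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.data.mongodb.repository.MongoRepository;

// Assumed document type for the example.
@Document("people")
class Person {
    @Id String id;
    String name;
}

interface PersonRepository extends MongoRepository<Person, String> {

    // The pattern from the advisory (vulnerable on affected versions): the raw
    // value of ?0 is spliced into a regex literal and relies only on \Q...\E
    // quoting, which a crafted value can terminate and so alter the query.
    @org.springframework.data.mongodb.repository.Query("{ name : /^\\Q?0\\E$/ }")
    List<Person> findByNameQuotedRegex(String name);

    // Hardened, option 1: an exact match needs no regex at all. The derived
    // query binds ?0 as a plain BSON string ({ name : ?0 }), so no character
    // in the value is interpreted.
    List<Person> findByName(String name);
}

// Hardened, option 2: when the match really must be a regex (e.g. a prefix
// search), build it with Criteria and Pattern.quote(), which escapes the value
// so it is always matched literally, whatever characters it contains.
class PersonSearch {
    private final MongoTemplate mongoTemplate;

    PersonSearch(MongoTemplate mongoTemplate) {
        this.mongoTemplate = mongoTemplate;
    }

    List<Person> findByNamePrefix(String untrustedPrefix) {
        Pattern anchored = Pattern.compile("^" + Pattern.quote(untrustedPrefix));
        Query query = Query.query(Criteria.where("name").regex(anchored));
        return mongoTemplate.find(query, Person.class);
    }
}
```

Upgrading remains the fix for the library itself; the code-level alternatives above only reduce exposure of your own query methods.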