[Medium] CVE-2026-41837 – Spring Data REST's Querydsl integration accepts arbitrary persistent property pa...
Medium CVE-2026-41837 Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16;...