CVE-2026-41730 is a vulnerability in Spring Data REST where the framework serializes the entire exception cause chain into HTTP error responses. This results in error messages containing sensitive information about the persistence layer being exposed to clients. The affected versions include 3.7.0 through 3.7.19, 4.3.0 through 4.3.16, 4.4.0 through 4.4.14, 4.5.0 through 4.5.11, and 5.0.0 through 5.0.5. The vulnerability is classified under CWE-209 (Generation of Error Message Containing Sensitive Information). There is no vendor advisory or patch information provided, and the remediation level is not specified.

The vulnerability allows HTTP clients to receive error responses that include detailed exception cause chains, potentially revealing sensitive internal information about the persistence layer. This information disclosure could aid attackers in understanding the backend system and crafting further attacks. The CVSS score is 5.3 (medium severity), indicating limited confidentiality impact without integrity or availability effects.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider implementing custom error handling to prevent serialization of full exception chains in HTTP responses, thereby limiting sensitive information exposure.