CVE-2026-41837 — Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. — CVE Database · The Intelligence Room