CVE-2026-41856
- EPSS 0.35%
- Veröffentlicht 11.06.2026 05:05:00
- Zuletzt bearbeitet 30.06.2026 22:16:56
The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditio...
CVE-2026-41700
- EPSS 0.18%
- Veröffentlicht 11.06.2026 05:04:47
- Zuletzt bearbeitet 30.06.2026 22:16:53
Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL...
CVE-2026-41699
- EPSS 0.43%
- Veröffentlicht 11.06.2026 05:04:43
- Zuletzt bearbeitet 30.06.2026 22:16:46
Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated (Con...
CVE-2023-34047
- EPSS 0.36%
- Veröffentlicht 20.09.2023 10:15:14
- Zuletzt bearbeitet 21.11.2024 08:06:28
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoade...