VYPR

Spring for GraphQL

by VMware

CVEs (3)

  • CVE-2026-41700 | High | Jun 11, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's…

  • CVE-2026-41699 | High | Jun 11, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated (Connection) field and the…

  • CVE-2026-41856 | High | Jun 11, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security…