โ† Back to Dashboard

CVE-2026-41699

HIGH NVD
CVSS Score
8.1
Severity
HIGH
Source
NVD
Published
Jun 11, 2026
Description

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated (Connection) field and the classpath contains specific classes that can be leveraged during deserialization. Affected versions: Spring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8.

View Full Details โ† Back