Vmware Spring For Graphql — known CVE vulnerabilities
Every CVE whose affected-product data names Vmware Spring For Graphql, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-41699 — CVSS 8.1 (high): Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a…
CVE-2026-41700 — CVSS 8.1 (high): Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can…
CVE-2026-41856 — CVSS 7.5 (high): The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within…
CVE-2023-34047 — CVSS 3.1 (low): A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values…