CVE-2026-23735

Sažetak

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the requests is mixed up in the service when the context is injected via @ExecutionContext(). ExecutionContext is often used to pass authentication tokens from incoming requests to services loading data from backend APIs. This vulnerability is fixed in 2.4.1 and 3.1.1.

Reference

https://github.com/graphql-hive/graphql-modules/issues/2613
https://github.com/graphql-hive/graphql-modules/pull/2521
https://github.com/graphql-hive/graphql-modules/releases/tag/release-1768575025568
https://github.com/graphql-hive/graphql-modules/security/advisories/GHSA-53wg-r69p-v3r7

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

26-01-2026 - 15:05

Objavljeno

16-01-2026 - 20:15