- Description
- Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials. Affected versions: Spring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6.
- Source
- security@vmware.com
- NVD status
- Analyzed
- Products
- spring_for_graphql
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- Severity
- HIGH
- security@vmware.com
- CWE-346
- Hype score
- Not currently trending
Spring for GraphQL Vulnerability CVE-2026-41700: Patch Urgently https://t.co/pQfitJz5mB #Cybertrending #Cybernewsdaily #Cybersecurity
@cybrsecpath
13 Jun 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 HIGH SEVERITY: CVE-2026-41700 (CVSS 8.1) Spring for GraphQL WebSocket transport vulnerable to Cross-Site WebSocket Hijacking. Attackers can execute arbitrary GraphQL operations with victim credentials. Affected: v1.0.0-2.0.3 #CVE #Vulnerability #PatchNow https://t.co/WhQJ
@DFIR_Lab
12 Jun 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨*CVE* CVE-2026-41700 Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated use… https://t.co/vR9N4B9gKV ----- Traducción: CVE-2026-41700 Spr… https://t.co/utmtNg
@infoflowcloud
11 Jun 2026
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8081FE74-21D1-4A99-BD7D-EC79761CC5FE",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F58A3E0-F0B6-41B9-9257-D20CF2396F2B",
"versionEndExcluding": "1.3.9",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "122B3480-2A1A-4DBA-A0D2-766A49180264",
"versionEndExcluding": "1.4.6",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8ABB1C-2F5B-425C-AD86-0122B0151D33",
"versionEndExcluding": "2.0.4",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]