keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption_CVE-2026-10802

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attack remotely. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.

Basic Information

ID CVE-2026-10802

Source VulDB

Published Jun 4, 2026 at 11:15

Affected Product

Vendor keystonejs

Product keystone

Version 20260319

Affected Versions keystonejs keystone 20260319

CWE Classification

CWE-400 CWE-404

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attack remotely. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.",
    "published": "2026-06-04T11:15:10.397Z",
    "modified": "2026-06-04T11:15:10.397Z",
    "type": "cve",
    "title": "keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/368251\nhttps://vuldb.com/vuln/368251/cti\nhttps://vuldb.com/cve/CVE-2026-10802\nhttps://vuldb.com/submit/831461\nhttps://github.com/keystonejs/keystone/issues/9789\nhttps://github.com/keystonejs/keystone/pull/9831\nhttps://gist.github.com/nedlir/0431275665076772844ebfe5167e54f6\nhttps://github.com/keystonejs/keystone/",
    "id": "CVE-2026-10802",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "keystonejs keystone 20260319",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "keystone",
    "version": "20260319",
    "vendor": "keystonejs",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}