Cross-Site WebSocket Hijacking in Spring for GraphQL_CVE-2026-41700

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Description

Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials.

Affected versions:
Spring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6.

Basic Information

ID CVE-2026-41700

Source vmware

Published Jun 11, 2026 at 05:04

Affected Product

Vendor Spring

Product Spring for GraphQL

Version 2.0.0

Affected Versions Spring Spring for GraphQL 2.0.0
Spring Spring for GraphQL 1.4.0
Spring Spring for GraphQL 1.3.0
Spring Spring for GraphQL 1.0.0

CWE Classification

CWE-346

References

spring.io /security/cve-2026-41700

{
    "lastseen": "",
    "description": "Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's credentials.\n\nAffected versions:\nSpring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6.",
    "published": "2026-06-11T05:04:47.722Z",
    "modified": "2026-06-11T05:04:47.722Z",
    "type": "cve",
    "title": "Cross-Site WebSocket Hijacking in Spring for GraphQL",
    "source": "vmware",
    "references": "https://spring.io/security/cve-2026-41700",
    "id": "CVE-2026-41700",
    "bulletinFamily": "",
    "cwe": [
        "CWE-346"
    ],
    "cvelist": null,
    "sourceData": "Spring Spring for GraphQL 2.0.0\nSpring Spring for GraphQL 1.4.0\nSpring Spring for GraphQL 1.3.0\nSpring Spring for GraphQL 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Spring for GraphQL",
    "version": "2.0.0",
    "vendor": "Spring",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}