PatchSiren cyber security CVE debrief
CVE-2026-10802 keystonejs CVE debrief
A vulnerability was detected in keystonejs keystone up to 20260319. It affects an unknown function in the file packages/core/src/lib/core/queries/output-field.ts of the GraphQL API Endpoint component. Manipulating this code leads to excessive resource consumption. The attack can be launched remotely. The exploit is now public and may be used. The pull request that fixes this issue is awaiting acceptance.
- Vendor
- keystonejs
- Product
- keystone
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of keystonejs keystone up to 20260319
Technical summary
The vulnerability affects an unknown function in the file packages/core/src/lib/core/queries/output-field.ts of the GraphQL API Endpoint component. Manipulating this code leads to excessive resource consumption.
Defensive priority
LOW
Recommended defensive actions
- Apply the fix from https://github.com/keystonejs/keystone/pull/9831
- Review and consider applying patches from https://github.com/keystonejs/keystone/issues/9789
Evidence notes
The vulnerability has a CVSS score of 2.1 and is classified as LOW severity.
Official resources
Publicly disclosed