PatchSiren

absinthe-graphql CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Severity: HIGH | Product: absinthe-graphql | CVE published 2026-05-08

CVE-2026-43967

CVE-2026-43967 is a denial-of-service flaw in Absinthe GraphQL’s fragment validation path. A specially sized GraphQL document, sent without authentication, can trigger quadratic work in fragment-name uniqueness checking and cause excessive CPU use.