HIGH
Cna
CVE published 2026-05-08
CVE-2026-42793
CVE-2026-42793 is an unauthenticated denial-of-service issue in absinthe-graphql Absinthe. When attacker-controlled GraphQL SDL is parsed, multiple Blueprint.Draft.convert/2 paths call String.to_atom/1 on untrusted names such as directive, field, type, and argument names. Because atoms are never garbage-collected and the BEAM atom table has a fixed limit, repeated unique names can permanently consume atom [truncated]