CVE-2026-10802
4.3 MEDIUM
A vulnerability was detected in keystonejs keystone up to 20260319
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CVSS: 4.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
- CWE: CWE-400, CWE-404
Description
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attack remotely. The exploit is now public and may be used. The pull request to fix this issue awaits acceptance.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-10802
- [Other] https://gist.github.com/nedlir/0431275665076772844ebfe5167e54f6
- [Other] https://github.com/keystonejs/keystone/
- [Other] https://github.com/keystonejs/keystone/issues/9789
- [Other] https://github.com/keystonejs/keystone/pull/9831
- [Other] https://vuldb.com/cve/CVE-2026-10802
- [Other] https://vuldb.com/submit/831461
- [Other] https://vuldb.com/vuln/368251
- [Other] https://vuldb.com/vuln/368251/cti
Related CVEs
Same CWE
- CVE-2026-47734 — Dulwich is a pure-Python implementation of the Git file formats and protocols (5.7 MEDIUM)
- CVE-2026-47213 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (6.5 MEDIUM)
- CVE-2026-46689 — Kanidm is an identity management platform
- CVE-2026-46679 — libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)
- CVE-2026-46522 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)