CVE-2026-43967: Denial of Service via Algorithmic Complexity in Absinthe GraphQL Fragment Validation Vulnerability ID: CVE-2026-43967 CVSS Score: 8.7 Published: 2026-05-14 Absinthe, an Elixir GraphQL toolkit, is vulnerable to a Denial of Service (DoS) condition due to inefficient algorithmic complexity in its document validation phase. Unauthenticated attackers can exhaust server resources by submitting GraphQL requests with heavily duplicated fragment definitions. TL;DR A quadratic complexity flaw (O(N²)) in Absinthe's GraphQL fragment validation allows remote attackers to trigger severe CPU exhaustion via crafted requests, causing a Denial of Service. The vulnerability is patched in v1.10.2.…