
GHSA-R7CG-QJJM-XHQQ: Unbounded Recursion Denial of Service in webonyx/graphql-php

DEV Community·CVE Reports·27 days ago

Vulnerability ID: GHSA-R7CG-QJJM-XHQQ

CVSS Score: 7.5

Published: 2026-05-05

An uncontrolled recursion vulnerability (CWE-674) in the webonyx/graphql-php library allows unauthenticated remote attackers to trigger a Denial of Service (DoS). The vulnerability resides in the recursive descent parser, which fails to limit the depth of nested structures, leading to a stack overflow and subsequent PHP process crash.

TL;DR

A flaw in webonyx/graphql-php's parser allows attackers to crash the PHP process via highly nested GraphQL queries, bypassing application-level validation. The issue is fixed in version 15.32.3 by implementing a default recursion limit of 256.…
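Because the crash happens in the parser, before validation rules run, a depth check has to work on the raw query text. The following is an added example, not code from the advisory or from webonyx/graphql-php: an iterative pre-parse guard, with a hypothetical function name `nestingDepthExceeds`, a limit of 256 mirroring the default stated above, and constructed sample queries.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: reports whether the lexical nesting of a GraphQL
 * document exceeds $limit. It scans iteratively, so the check itself uses
 * constant stack space, and it ignores brackets in strings and comments.
 */
function nestingDepthExceeds(string $query, int $limit = 256): bool
{
    $depth = 0;
    $len = strlen($query);
    for ($i = 0; $i < $len; $i++) {
        $c = $query[$i];
        if ($c === '#') {
            // Comment: skip to the line terminator (or end of input).
            $i += strcspn($query, "\r\n", $i);
        } elseif ($c === '"') {
            if (substr($query, $i, 3) === '"""') {
                // Block string: runs to the next unescaped """.
                $i += 3;
                while ($i < $len && substr($query, $i, 3) !== '"""') {
                    $i += (substr($query, $i, 4) === '\\"""') ? 4 : 1;
                }
                $i += 2; // land on the last closing quote
            } else {
                // Ordinary string: runs to the next unescaped quote.
                $i++;
                while ($i < $len && $query[$i] !== '"') {
                    $i += ($query[$i] === '\\') ? 2 : 1;
                }
            }
        } elseif ($c === '{' || $c === '[' || $c === '(') {
            if (++$depth > $limit) {
                return true; // stop early, no need to scan the rest
            }
        } elseif ($c === '}' || $c === ']' || $c === ')') {
            $depth = max(0, $depth - 1);
        }
    }
    return false;
}

// Constructed sample inputs: an ordinary query and one nested 300 levels deep.
$normal = 'query { user(id: "1 {[(") { name friends { name } } } # {{{';
$nested = str_repeat('{a', 300) . str_repeat('}', 300);

foreach (['normal' => $normal, 'nested' => $nested] as $label => $q) {
    echo $label, ': ', nestingDepthExceeds($q) ? 'reject before parsing' : 'pass to parser', "\n";
}
```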
