{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T10:14:18.806","vulnerabilities":[{"cve":{"id":"CVE-2026-23897","sourceIdentifier":"security-advisories@github.com","published":"2026-02-04T20:16:05.130","lastModified":"2026-03-18T13:06:52.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone is vulnerable to denial of service (DoS) attacks through specially crafted request bodies with exotic character set encodings. This issue does not affect users that use @apollo/server as a dependency for integration packages, like @as-integrations/express5 or @as-integrations/next, only direct usage of startStandaloneServer."},{"lang":"es","value":"Apollo Server es un servidor GraphQL de código abierto, compatible con especificaciones, que es compatible con cualquier cliente GraphQL, incluyendo Apollo Client. En las versiones de 2.0.0 a 3.13.0, de 4.2.0 a antes de 4.13.0, y de 5.0.0 a antes de 5.4.0, la configuración predeterminada de startStandaloneServer de @apollo/server/standalone es vulnerable a ataques de denegación de servicio (DoS) a través de cuerpos de solicitud especialmente diseñados con codificaciones de conjuntos de caracteres exóticas. Este problema no afecta a los usuarios que usan @apollo/server como dependencia para paquetes de integración, como @as-integrations/express5 o @as-integrations/next, solo el uso directo de startStandaloneServer."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apollographql:apollo_server:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"3.13.0","matchCriteriaId":"34174FF9-91E9-483C-AA97-CF5A49DDAA9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apollographql:apollo_server:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.13.0","matchCriteriaId":"4025F805-618D-4076-BA0C-5793BD7D9FCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apollographql:apollo_server:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.4.0","matchCriteriaId":"C94B1336-4AB9-450F-A10B-8B030823D150"}]}]}],"references":[{"url":"https://github.com/apollographql/apollo-server/commit/d25a5bdc377826ad424fcf7f8d1d062055911643","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/apollographql/apollo-server/commit/e9d49d163a86b8a33be56ed27c494b9acd5400a4","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/apollographql/apollo-server/security/advisories/GHSA-mp6q-xf9x-fwf7","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}}]}