CVE-2026-40324 - Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents
CVE ID :CVE-2026-40324 Published : April 18, 2026, 12:16 a.m. | 24 minutes ago Description :Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A craf
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · aviation
- [AVIATION] Alaska Airlines Allowing Passengers To Boost Status By Contributing To SAF During Earth Month
- [AVIATION] Spitfire Completes Unique Formation Flights With Royal Air Force
- [AVIATION] The Baby Queen: Why Did Boeing Build The 747SP?
- [AVIATION] CBI Arrests Aviation Body Official In Rs 2.5 Lakh Bribery Case
- [AVIATION] Bulgaria: Pro-Russian Radev leading after parliamentary vote, exit polls show
- [AVIATION] A Look At The Hourly Pay Of US Regional Airline First Officers In 2026