CVE-2026-40324

Hot Chocolate (GraphQL server) contains a vulnerability in Utf8GraphQLParser: prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, the recursive descent parser has no recursion-depth limit, so deeply nested GraphQL documents (as small as ~40 KB) can trigger a StackOverflowException. This unca...