CVE-2026-47706 Strawberry GraphQL has a Circular Fragment Reference DOS

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

Strawberry GraphQL 安全漏洞

Strawberry GraphQL is an open-source Python GraphQL library that utilizes type annotations. Versions 0.172.0 to 0.315.6 of Strawberry GraphQL contain security vulnerabilities. These vulnerabilities stem from the MaxAliasesLimiter extension not taking into account the multiplicative amplification...