GHSA-H3HW-29FV-2X75 @envelop/graphql-modules has a Race Condition vulnerability

Summary Context race condition when using useGraphQLModules plugin Details Related to: https://github.com/graphql-hive/graphql-modules/security/advisories/GHSA-53wg-r69p-v3r7 When 2 or more parallel requests are made which trigger the same service, the context of the requests is mixed up in the...

@accounter/server (>=0.0.0 <=0.0.3-alpha-20241114141215-09b7d417e7e139562b2a77a6eb2d990da536e1ec), @frontside/backstage-plugin-graphql (>=0.1.0 <=0.6.0) +4 more potentially affected by unknown CVE via @envelop/graphql-modules (>=0.2.1 <=6.0.0)

@envelop/graphql-modules NPM version =0.2.1, =0.0.0, =0.1.0, =0.1.7, =0.2.6, =0.1.0, =0.7.0, =0.9.6 Source cves: unknown CVE Source advisory: OSV:GHSA-H3HW-29FV-2X75...

EUVD-2026-3671

@envelop/graphql-modules has a Race Condition vulnerability...

Race Condition

Overview @envelop/graphql-modules is a This plugins integrates graphql-modules execution lifecycle into the GraphQL execution flow. Affected versions of this package are vulnerable to Race Condition via the useGraphQLModules plugin. An attacker can cause request context data to be mixed between...

CVE-2026-23735

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

@accounter/server (>=0.0.0 <=0.0.3-alpha-20241114141215-09b7d417e7e139562b2a77a6eb2d990da536e1ec), @aligent/auth-module (=1.0.1) +1 more potentially affected by CVE-2026-23735 via graphql-modules (>=2.3.0 <=2.4.0)

graphql-modules NPM version =2.3.0, =0.0.0, =1.0.7, =1.0.9 Source cves: CVE-2026-23735 Source advisory: OSV:GHSA-53WG-R69P-V3R7...

GHSA-53WG-R69P-V3R7 GraphQL Modules has a Race Condition issue

Summary Originally reported as an issue 2613 but should be elevated to a security issue as the ExecutionContext is often used to pass authentication tokens from incoming requests to services loading data from backend APIs. Details When 2 or more parallel requests are made which trigger the same...

GraphQL Modules has a Race Condition issue

Summary Originally reported as an issue 2613 but should be elevated to a security issue as the ExecutionContext is often used to pass authentication tokens from incoming requests to services loading data from backend APIs. Details When 2 or more parallel requests are made which trigger the same...

CVE-2026-23735

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

CVE-2026-23735 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in graphql-modules

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

CVE-2026-23735 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in graphql-modules

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

CVE-2026-23735 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in graphql-modules

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

CVE-2026-23735

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

EUVD-2026-2862

GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the...

CVE-2026-23735

Summary: Multiple sources describe a race condition in GraphQL Modules where, when 2 or more parallel requests trigger the same service, the request context injected via @ExecutionContext() can be mixed between concurrent executions, potentially leaking authentication-context data between users. ...

PT-2026-3319

Name of the Vulnerable Software and Affected Versions GraphQL Modules versions 2.2.1 through 2.4.0 GraphQL Modules versions 3.1.1 Description GraphQL Modules has an issue where, when two or more parallel requests trigger the same service, the context of the requests can become mixed up within the...

Graphql Modules: Competition Condition Vulnerability

Graphql Modules is a backend framework for GraphQL servers, open-sourced by Hive. Versions of Graphql Modules from 2.2.1 to 2.4.1, as well as versions before 3.1.1, have a race condition vulnerability. This vulnerability stems from context confusion during parallel requests, which may lead to...