CVE-2026-41699 Overview
CVE-2026-41699 is an unsafe deserialization vulnerability [CWE-502] in Spring for GraphQL. The flaw resides in how the framework processes paginated GraphQL queries that return Connection fields. An attacker can craft a malicious GraphQL request that triggers deserialization of attacker-controlled data. When the application classpath contains gadget classes suitable for exploitation, this leads to remote code execution (RCE).
The vulnerability affects Spring for GraphQL versions 2.0.0 through 2.0.3, 1.4.0 through 1.4.5, and 1.3.0 through 1.3.8. Exploitation requires only network access to the GraphQL endpoint; no authentication or user interaction is needed.
Critical Impact
Unauthenticated attackers can achieve remote code execution on Spring for GraphQL applications that expose paginated Connection fields when exploitable gadget classes exist on the classpath.
Affected Products
- Spring for GraphQL 2.0.0 through 2.0.3
- Spring for GraphQL 1.4.0 through 1.4.5
- Spring for GraphQL 1.3.0 through 1.3.8
Discovery Timeline
- 2026-06-11 - CVE-2026-41699 published to NVD
- 2026-06-11 - Last updated in NVD database
Technical Details for CVE-2026-41699
Vulnerability Analysis
Spring for GraphQL provides cursor-based pagination through the Relay Connection specification. Cursors encode position information that clients send back to request subsequent pages. The framework decodes these cursors during query processing.
The vulnerability arises because cursor decoding deserializes attacker-supplied data without sufficient type restrictions. An attacker submitting a paginated GraphQL query can place a crafted cursor value into the after or before argument. The framework then deserializes this value during request handling.
When the application classpath contains classes that perform dangerous operations during deserialization, an attacker can chain these gadgets to execute arbitrary code. This pattern mirrors prior Java deserialization vulnerabilities affecting libraries such as Apache Commons Collections and Spring AOP components.
Root Cause
The root cause is unsafe deserialization [CWE-502] in the pagination handling logic. The framework trusts cursor data received from clients and converts it back into Java objects without enforcing a strict allow-list of expected types, so any serializable class available on the classpath can be instantiated during cursor decoding.
Attack Vector
Exploitation requires the target application to expose at least one paginated GraphQL field that returns a Connection type. The attacker sends a GraphQL query containing a crafted after or before cursor argument. The malicious cursor encodes a serialized object graph designed to invoke gadget methods during deserialization.
The attack is unauthenticated when the GraphQL endpoint is publicly reachable. Attack complexity is rated high because successful exploitation depends on the presence of suitable gadget classes on the application classpath; an application with no usable gadget chain is still affected but is not directly exploitable for code execution. Refer to the Spring project's security advisory for CVE-2026-41699 for vendor-confirmed technical details.
Detection Methods for CVE-2026-41699
Indicators of Compromise
- GraphQL requests containing unusually long or binary-encoded after or before cursor arguments that do not match values previously issued by the server.
- Outbound network connections initiated by the Java application process immediately after GraphQL request processing.
- Unexpected child processes spawned by the JVM, such as sh, bash, cmd.exe, or powershell.exe.
- Java stack traces in application logs referencing ObjectInputStream, readObject, or Spring GraphQL pagination classes during error conditions.
Detection Strategies
- Inspect GraphQL request bodies at the application gateway for cursor arguments that fail base64 or expected cursor format validation.
- Enable JVM-level deserialization filtering with -Djdk.serialFilter (JEP 290) to reject unexpected classes; rejections surface as InvalidClassException in application logs and are reported through the java.io.serialization logger. Note that this filter only governs java.io.ObjectInputStream and does not constrain JSON-based (for example Jackson) deserialization.
- Correlate GraphQL query logs with process execution telemetry to identify command execution following paginated query requests.
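The cursor checks in the two lists above (oversized, non-base64, or binary cursor arguments, and in particular a Java serialization stream header) can be run over logged GraphQL request bodies. The following is an added example written for this page, not code from Spring or the advisory. It assumes each log line is the JSON body of a POST to the GraphQL endpoint ({"query": ..., "variables": {...}}); the sample log lines, the 256-character length bound, and the expectation that benign cursors decode to printable text are constructed assumptions to tune for your own deployment.

```python
"""Flag suspicious after/before cursor arguments in logged GraphQL request bodies.

Added illustration, not Spring or advisory code. Assumes each log line is the JSON body of
one GraphQL POST; the sample lines and the length bound below are constructed for this example.
"""
import base64
import binascii
import json
import re

JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"   # STREAM_MAGIC + STREAM_VERSION of java.io serialization
JAVA_SERIAL_B64_PREFIX = "rO0AB"          # base64 of any stream that begins with that header (grep/WAF friendly)
MAX_CURSOR_LEN = 256                      # assumed bound; set it to the longest cursor your server issues

# Inline literal arguments:  after: "abc"   /   before: "abc"
INLINE_CURSOR_RE = re.compile(r'\b(after|before)\s*:\s*"((?:[^"\\]|\\.)*)"')
# Variable-bound arguments:  after: $cursor
VAR_CURSOR_RE = re.compile(r'\b(after|before)\s*:\s*\$([A-Za-z_][A-Za-z0-9_]*)')


def extract_cursors(body):
    """Return (argument, value) pairs for every after/before cursor in one request body."""
    query = body.get("query") or ""
    variables = body.get("variables") or {}
    cursors = []
    for arg, literal in INLINE_CURSOR_RE.findall(query):
        try:
            value = json.loads('"' + literal + '"')   # undo GraphQL string escapes (JSON-compatible)
        except json.JSONDecodeError:
            value = literal
        cursors.append((arg, value))
    for arg, var in VAR_CURSOR_RE.findall(query):
        value = variables.get(var)
        if isinstance(value, str):
            cursors.append((arg, value))
    return cursors


def check_cursor(value):
    """Return the reasons a cursor looks suspicious; an empty list means it passed every check."""
    reasons = []
    if len(value) > MAX_CURSOR_LEN:
        reasons.append("oversized")
    if value.startswith(JAVA_SERIAL_B64_PREFIX):
        reasons.append("java-serialization-header")
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        reasons.append("not-base64")
        return reasons
    if raw.startswith(JAVA_SERIAL_MAGIC):
        if "java-serialization-header" not in reasons:
            reasons.append("java-serialization-header")
    elif any(b < 0x20 or b > 0x7E for b in raw):
        reasons.append("binary-payload")   # assumption: benign cursors decode to printable text
    return reasons


def scan_request_log(lines):
    """Run check_cursor over every cursor in every logged request; return (line_no, arg, reasons)."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        try:
            body = json.loads(line)
        except json.JSONDecodeError:
            continue   # not a request body; skip
        for arg, value in extract_cursors(body):
            reasons = check_cursor(value)
            if reasons:
                findings.append((line_no, arg, reasons))
    return findings


# Constructed sample log: one benign page request, then three that should be flagged.
SAMPLE_LOG = [
    json.dumps({"query": 'query { users(first: 10, after: "%s") { edges { node { id } } } }'
                % base64.b64encode(b"cursor:10").decode()}),
    json.dumps({"query": "query($c: String) { users(first: 10, after: $c) { edges { node { id } } } }",
                "variables": {"c": base64.b64encode(JAVA_SERIAL_MAGIC + b"sr\x00\x11java.util.HashMap").decode()}}),
    json.dumps({"query": 'query { users(first: 10, before: "not!base64") { edges { node { id } } } }'}),
    json.dumps({"query": "query($c: String) { users(first: 10, after: $c) { edges { node { id } } } }",
                "variables": {"c": "A" * 400}}),
]

if __name__ == "__main__":
    for line_no, arg, reasons in scan_request_log(SAMPLE_LOG):
        print(f"line {line_no}: suspicious {arg} cursor: {', '.join(reasons)}")
```

The "rO0AB" prefix check is the cheapest signal and is what a gateway or WAF rule would key on; the decoded-magic check catches the same header when the cursor was re-encoded or padded differently. Treat the printable-text heuristic as a baseline to confirm against cursors your server actually issues before alerting on it.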
Monitoring Recommendations
- Forward GraphQL access logs and JVM audit events to a centralized analytics platform for behavioral baselining.
- Alert on any deserialization filter rejections originating from web-facing Spring services.
- Monitor the application server for new outbound connections to untrusted IP addresses following GraphQL traffic spikes.
How to Mitigate CVE-2026-41699
Immediate Actions Required
- Upgrade Spring for GraphQL to a fixed release: 2.0.4 or later, 1.4.6 or later, or 1.3.9 or later, as published in the Spring project's security advisory.
- Audit the application classpath and remove libraries known to provide deserialization gadgets when they are not required.
- Restrict network access to GraphQL endpoints, requiring authentication where business requirements allow.
Patch Information
VMware/Broadcom published patched versions of Spring for GraphQL addressing the unsafe deserialization in paginated query handling. Consult the Spring project's security advisory for CVE-2026-41699 for the exact fixed versions and upgrade guidance. Applications must be rebuilt and redeployed after the dependency upgrade, and transitive pins (for example a Spring Boot managed version) must be checked so the old artifact is not pulled back in.
Workarounds
- Disable or remove paginated Connection fields from the GraphQL schema until patches are deployed.
- Apply a jdk.serialFilter allow-list to constrain Java deserialization to known-safe classes only. This is a defense-in-depth measure, not a substitute for the patch: it only governs java.io.ObjectInputStream, and a gadget chain built entirely from allowed classes is still reachable.
- Place a web application firewall rule in front of the GraphQL endpoint that rejects requests containing oversized or malformed cursor arguments.
# JVM-wide deserialization filter restricting allowed classes (JEP 290).
# Patterns are evaluated left to right: java.base/* allows classes in the java.base module,
# org.springframework.graphql.** allows that package and its subpackages, and the final !*
# rejects everything else. Allowing all of java.base is still broad; narrow it to the
# specific classes the application actually deserializes once you have identified them.
java -Djdk.serialFilter='java.base/*;org.springframework.graphql.**;!*' \
-jar your-spring-graphql-app.jar
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

