
CVE-2026-41700: Spring for GraphQL XSS Vulnerability

CVE-2026-41700 is a Cross-Site WebSocket Hijacking flaw in Spring for GraphQL that enables attackers to execute unauthorized GraphQL operations using victim credentials. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-41700 Overview

CVE-2026-41700 affects Spring for GraphQL applications that have enabled the WebSocket transport. The flaw exposes these applications to Cross-Site WebSocket Hijacking (CSWSH). An attacker who lures an authenticated user to a malicious page can execute arbitrary GraphQL operations using the victim's session.

The weakness is classified under CWE-346 (Origin Validation Error). It impacts the confidentiality and integrity of all GraphQL data accessible to the authenticated user. The vulnerability is exploitable over the network without prior authentication, but it requires user interaction (the victim must load the attacker's page while holding a valid session).

Critical Impact

An attacker can perform authenticated GraphQL queries and mutations on behalf of a victim, leading to data disclosure and unauthorized state changes within the targeted application.

Affected Products

  • Spring for GraphQL 2.0.0 through 2.0.3
  • Spring for GraphQL 1.4.0 through 1.4.5, and 1.3.0 through 1.3.8
  • Spring for GraphQL 1.0.0 through 1.0.6

Discovery Timeline

  • 2026-06-11 - CVE-2026-41700 published to NVD
  • 2026-06-11 - Last updated in NVD database

Technical Details for CVE-2026-41700

Vulnerability Analysis

Spring for GraphQL supports a WebSocket transport for handling GraphQL subscriptions and operations. When this transport is enabled, the server accepts WebSocket upgrade requests without enforcing strict origin validation. Browsers send cookies and other ambient credentials during WebSocket handshakes, so a cross-origin page can open an authenticated socket to the vulnerable server.

Once the socket is established, the attacker controls the message stream. The attacker can issue any GraphQL query or mutation that the victim is authorized to perform. The response data flows back to the attacker's page, which exfiltrates it across the open channel.

The issue is a server-side confusion of the authorization context that stems from how the WebSocket protocol works. Unlike ordinary cross-origin fetches, the WebSocket handshake is not subject to the Same-Origin Policy, so an application must validate the Origin header itself during the handshake. Spring for GraphQL did not enforce this validation in the affected versions.

Root Cause

The root cause is missing origin validation on the GraphQL WebSocket handshake endpoint, mapped to CWE-346. The server trusts the session cookie alone to authenticate the connection. It does not verify that the request originated from an allowed origin, which enables connections initiated from arbitrary third-party sites.

Attack Vector

Exploitation requires the victim to visit an attacker-controlled web page while authenticated to a vulnerable Spring for GraphQL application. The malicious page opens a WebSocket to the GraphQL endpoint. The browser attaches the victim's session cookies automatically. The attacker then sends GraphQL operations through the socket and receives the responses, all without same-origin restrictions blocking the read.

For a complete description of the protocol-level handshake and required server-side checks, refer to the Spring Security advisory for CVE-2026-41700.

Detection Methods for CVE-2026-41700

Indicators of Compromise

  • WebSocket upgrade requests to the GraphQL endpoint where the Origin header does not match the application's expected domain.
  • Unusual sequences of authenticated GraphQL queries or mutations originating from a single session shortly after the user browsed external sites.
  • Spikes in WebSocket connections negotiating Sec-WebSocket-Protocol: graphql-transport-ws that arrive from unexpected referrers or from residential IP ranges.

Detection Strategies

  • Log and inspect the Origin header on all WebSocket handshakes to the GraphQL endpoint and flag mismatches against an allowlist.
  • Correlate GraphQL operation patterns per session to identify abnormal mutation activity following an external referrer event.
  • Deploy WAF or reverse proxy rules to reject WebSocket upgrades that lack a valid Origin matching the application's domain.

Monitoring Recommendations

  • Forward Spring application access logs and WebSocket handshake metadata to a centralized log platform for correlation.
  • Alert on authenticated GraphQL mutations issued within seconds of a new WebSocket connection from an unrecognized origin.
  • Track Spring for GraphQL dependency versions across deployed services to identify systems running affected releases.

How to Mitigate CVE-2026-41700

Immediate Actions Required

  • Upgrade Spring for GraphQL to a fixed release line above the affected ranges as identified in the Spring Security advisory.
  • Inventory all services that import spring-graphql and enable the WebSocket transport, and prioritize them for patching.
  • Audit recent GraphQL mutation logs for evidence of operations triggered through cross-origin sessions.

Patch Information

VMware/Spring published the fix in the security advisory referenced above. Upgrade all instances of Spring for GraphQL beyond the affected versions: 2.0.0-2.0.3, 1.4.0-1.4.5, 1.3.0-1.3.8, and 1.0.0-1.0.6. Restart application instances after the dependency upgrade so that the patched WebSocket handler is loaded.

Workarounds

  • Disable the GraphQL WebSocket transport if subscriptions are not required by the application.
  • Configure a reverse proxy or HandshakeInterceptor to reject WebSocket upgrades whose Origin header is not on an explicit allowlist.
  • Require a custom anti-CSRF token in the WebSocket connection initialization payload and validate it server-side before processing GraphQL operations.
```nginx
# Example: enforce an Origin allowlist at an Nginx reverse proxy.
# The map block belongs in the http context; it yields "" for any Origin
# that is not an exact match, including requests that carry no Origin at all.
map $http_origin $allowed_origin {
    default                       "";
    "https://app.example.com"     $http_origin;
    "https://admin.example.com"   $http_origin;
}

server {
    location /graphql {
        # Refuse the upgrade before it reaches the Spring backend.
        if ($allowed_origin = "") { return 403; }
        proxy_pass http://spring_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Forward only the validated origin to the backend.
        proxy_set_header Origin $allowed_origin;
    }
}
```
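As an added illustration of the HandshakeInterceptor workaround listed above (example code, not Spring's own or the advisory's), the following interceptor performs the same exact-match Origin check inside the application; the class name and the allowlist contents are assumed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.web.socket.WebSocketHandler;
import org.springframework.web.socket.server.HandshakeInterceptor;

// Hypothetical example class (not part of Spring for GraphQL): refuses the WebSocket
// upgrade unless the browser-supplied Origin header is on an explicit allowlist.
public class OriginAllowlistHandshakeInterceptor implements HandshakeInterceptor {
    // Assumed allowlist of full origins ("scheme://host[:port]"), matched exactly.
    private final Set<String> allowedOrigins;

    public OriginAllowlistHandshakeInterceptor(Set<String> allowedOrigins) {
        this.allowedOrigins = Set.copyOf(allowedOrigins);
    }

    @Override
    public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response,
                                   WebSocketHandler wsHandler, Map<String, Object> attributes) {
        if (isAllowedOrigin(request.getHeaders().getOrigin())) return true;
        // Returning false aborts the upgrade before any cookie-authenticated socket exists;
        // the 403 also makes the rejected cross-origin attempt visible in access logs.
        response.setStatusCode(HttpStatus.FORBIDDEN);
        return false;
    }

    @Override
    public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response,
                               WebSocketHandler wsHandler, Exception exception) { }

    // Browsers always send Origin on a WebSocket handshake, so a missing header is rejected.
    // The whole normalized origin is compared: suffix or "contains" checks would also
    // accept an attacker-controlled host such as app.example.com.evil.test.
    boolean isAllowedOrigin(String origin) {
        if (origin == null || origin.isBlank()) return false;
        try {
            URI uri = new URI(origin.trim());
            if (uri.getScheme() == null || uri.getHost() == null || !uri.getPath().isEmpty()) return false;
            String normalized = uri.getScheme().toLowerCase(Locale.ROOT) + "://"
                    + uri.getHost().toLowerCase(Locale.ROOT) + (uri.getPort() == -1 ? "" : ":" + uri.getPort());
            return allowedOrigins.contains(normalized);
        } catch (URISyntaxException e) {
            return false; // a malformed Origin is treated as untrusted
        }
    }
}
```

Register the interceptor on the WebSocketHttpRequestHandler that serves the GraphQL WebSocket endpoint; how that handler is wired depends on whether Spring Boot auto-configuration or a manual handler mapping is in use. Spring's own spring-websocket module ships an equivalent allowlist check as OriginHandshakeInterceptor, which can be used in place of this class.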

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
