CVE-2026-10802: Resource Consumption in keystonejs keystone
A vulnerability was detected in keystonejs keystone up to version 20260319. It affects an unidentified function in the file packages/core/src/lib/core/queries/output-field.ts of the GraphQL API Endpoint component. Manipulation leads to uncontrolled resource consumption. The attack can be launched remotely. A public exploit exists and may be used. The pull request that fixes the issue is still awaiting acceptance.
AI Analysis
Technical Summary
This vulnerability in keystonejs keystone up to version 20260319 affects the GraphQL API Endpoint component, specifically code in packages/core/src/lib/core/queries/output-field.ts; the advisory does not identify the exact function or the query shape that triggers the condition. A remote attacker can cause excessive resource consumption, leading to degraded performance or denial of service. The CVSS 4.0 base score is 5.3 (medium): network attack vector, low attack complexity, no privileges required, no user interaction. A public exploit exists, but the fix has not yet been merged or released.
Potential Impact
Successful exploitation consumes resources on the affected server, degrading performance or causing a denial of service. There is no indication of privilege escalation, data disclosure, or integrity impact. The condition can be triggered remotely and without authentication.
Mitigation Recommendations
No patch is available yet; the fix is pending acceptance of a pull request. Monitor the official keystonejs repository and advisories for a release that contains it. Until then, apply rate limiting and other resource controls in front of the GraphQL API endpoint, such as a maximum request body size, query depth or complexity limits, and per-request timeouts, so that a single unauthenticated client cannot repeatedly drive the server into expensive query handling. Because the exact trigger is not published, these controls reduce exposure rather than close the issue.
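The following is an added, framework-agnostic example of the kind of "rate limiting or other resource usage controls" recommended above. It is not code from the keystone project and not the pending upstream fix; it would be called from whatever HTTP middleware fronts the GraphQL endpoint, before the query reaches the server. The client key (source IP), the limit values, and the function names are hypothetical choices for illustration.

```javascript
// Added example: pre-endpoint resource controls for a GraphQL API.
// Not Keystone code and not the fix for CVE-2026-10802; a generic gate
// that bounds request size, selection-set depth and request rate per client.

// Token-bucket rate limiter keyed per client (e.g. source IP). `now` is in ms.
function createRateLimiter({ capacity, refillPerSecond }) {
  const buckets = new Map();
  return function allow(key, now = Date.now()) {
    let b = buckets.get(key);
    if (!b) {
      b = { tokens: capacity, last: now };
      buckets.set(key, b);
    }
    const elapsedSec = Math.max(0, now - b.last) / 1000;
    b.tokens = Math.min(capacity, b.tokens + elapsedSec * refillPerSecond);
    b.last = now;
    if (b.tokens >= 1) {
      b.tokens -= 1;
      return true;
    }
    return false;
  };
}

// Estimate the nesting depth of a GraphQL document from its raw text.
// Braces inside string literals, block strings and `#` comments are skipped
// so a crafted query cannot hide nesting there. Input-object braces in
// arguments are counted too, which errs toward rejection, not acceptance.
function selectionDepth(query) {
  let depth = 0;
  let max = 0;
  let i = 0;
  while (i < query.length) {
    const c = query[i];
    if (c === '#') {
      while (i < query.length && query[i] !== '\n') i++;
    } else if (query.startsWith('"""', i)) {
      const end = query.indexOf('"""', i + 3);
      i = end === -1 ? query.length : end + 3;
      continue;
    } else if (c === '"') {
      i++;
      while (i < query.length && query[i] !== '"') {
        if (query[i] === '\\') i++; // skip escaped character
        i++;
      }
    } else if (c === '{') {
      depth++;
      if (depth > max) max = depth;
    } else if (c === '}') {
      depth = Math.max(0, depth - 1);
    }
    i++;
  }
  return max;
}

// Decide whether a request may proceed to the GraphQL executor.
// Cheapest checks first: size, then rate (so a flood of bad queries still
// burns the client's budget), then the depth scan over the bounded text.
function gateRequest({ client, query, now }, { allow, maxDepth, maxBytes }) {
  if (typeof query !== 'string' || query.length > maxBytes) {
    return { allowed: false, reason: 'query too large' };
  }
  if (!allow(client, now)) {
    return { allowed: false, reason: 'rate limit exceeded' };
  }
  if (selectionDepth(query) > maxDepth) {
    return { allowed: false, reason: 'query too deep' };
  }
  return { allowed: true, reason: 'ok' };
}
```

In use, the middleware would pass the request's source address and the `query` field of the parsed JSON body to `gateRequest` and answer 429 or 400 when `allowed` is false. The numbers (bucket capacity, refill rate, `maxDepth`, `maxBytes`) must be tuned against the legitimate queries the deployed schema actually needs, otherwise the admin UI's own queries will be rejected.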
CVSS v4.0: 5.3 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-06-04T05:02:30.479Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a216d2ae29bf47b509f3acc
Added to database: 6/4/2026, 12:18:50 PM
Last enriched: 6/4/2026, 12:34:11 PM
Last updated: 6/4/2026, 1:33:56 PM
Views: 4