CVSS 3.1 Score 5.3 of 10 (medium)


Published Sep 20, 2023
Updated: Nov 7, 2023
CWE ID 400


The vulnerability CVE-2023-26144 affects versions of the package graphql from 16.3.0 to 16.8.1, and it is categorized as a Denial of Service (DoS) vulnerability. The vulnerability occurs due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. Attackers can exploit this vulnerability to degrade system performance, although it has not been proven to crash the process. The affected products include tz2RGC, tz2RGA, tz2RGB, tz2RF6, tz2RF7, tz2RF-, tz2RF_, tz2RF8, and tz2RF9. To remediate this vulnerability, users should update their graphql package to a version beyond 16.8.1 or apply any available patches provided by the vendor. The potential danger of this vulnerability lies in its ability to disrupt system performance and potentially impact an organization's operations and services.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-26144 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options