Skip to main content

CVE-2026-35441

MEDIUM
Uncontrolled Resource Consumption (CWE-400)
2026-04-04 https://github.com/directus/directus GHSA-ph52-67fq-75wj
6.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Patch released
Apr 04, 2026 - 08:30 nvd
Patch available
Analysis Generated
Apr 04, 2026 - 06:15 vuln.today
CVE Published
Apr 04, 2026 - 06:12 nvd
MEDIUM 6.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 3 npm packages depend on directus (1 direct, 2 indirect)

Ecosystem-wide dependent count for version 11.17.0.

DescriptionGitHub Advisory

Summary

Directus' GraphQL endpoints (/graphql and /graphql/system) did not deduplicate resolver invocations within a single request. An authenticated user could exploit GraphQL aliasing to repeat an expensive relational query many times in a single request, forcing the server to execute a large number of independent complex database queries concurrently, multiplying database load linearly with the number of aliases. The existing token limit on GraphQL queries still permitted enough aliases for significant resource exhaustion, while the relational depth limit applied per alias without reducing the total number executed. Rate limiting is disabled by default, meaning no built-in throttle prevented this from causing CPU, memory, and I/O exhaustion that could degrade or crash the service. Any authenticated user, including those with minimal read-only permissions, could trigger this condition.

Fix

A request-scoped resolver deduplication mechanism was introduced and applied broadly across all GraphQL read resolvers, both system and items endpoints. When multiple aliases in a single request invoke the same resolver with identical arguments, only the first call executes; all subsequent aliases share its result. This eliminates the amplification factor regardless of how many aliases a query contains.

Impact

  • Service degradation or outage: Concurrent complex database queries exhaust the connection pool and server resources, affecting all users
  • Low privilege required: Any authenticated user, including those with read-only access to a single collection, can trigger this condition
  • Linear scaling: Impact scales with the number of aliases and depth of relational queries
  • Compounded by concurrency: Multiple simultaneous requests multiply the effect further

AnalysisAI

Directus GraphQL endpoints fail to deduplicate resolver invocations within single requests, allowing authenticated users to exploit GraphQL aliasing for denial-of-service attacks. An attacker with minimal read-only permissions can repeat expensive relational queries using multiple aliases in a single request, forcing concurrent execution of numerous complex database queries that exhaust connection pools and server resources, potentially degrading or crashing the service. No public exploit code has been identified, and this vulnerability requires prior authentication to the Directus instance.

Technical ContextAI

Directus exposes GraphQL endpoints at /graphql and /graphql/system that process complex relational queries against backend databases. The vulnerability stems from CWE-400 (Uncontrolled Resource Consumption) - specifically, the GraphQL resolver layer did not implement request-scoped deduplication of identical resolver calls. GraphQL's aliasing feature allows a single query to invoke the same resolver multiple times with identical arguments under different alias names. Without deduplication, each alias triggers an independent resolver execution and database query, amplifying resource consumption linearly. While token limits and relational depth limits existed, they applied per-alias rather than per-request, and rate limiting was disabled by default, providing no throttle on the attack. The affected product is the npm package 'directus' across versions vulnerable to this resolver exhaustion pattern.

RemediationAI

Upgrade the 'directus' npm package to the patched version released by Directus that includes request-scoped resolver deduplication. Exact patched version numbers must be confirmed from the Directus security advisory (https://github.com/directus/directus/security/advisories/GHSA-ph52-67fq-75wj). As an interim mitigation before patching, enable and configure rate limiting in Directus configuration to throttle GraphQL requests per authenticated user, or restrict GraphQL endpoint access via reverse proxy rate limiting (e.g., nginx, AWS WAF, Cloudflare). Monitor database connection pool utilization and server CPU/memory under load from authenticated users. If Directus is exposed only to trusted internal users, the risk is substantially lower, but patch deployment remains recommended for defense-in-depth.

Share

CVE-2026-35441 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy