CVE-2026-35441
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Blast Radius
ecosystem impact- 3 npm packages depend on directus (1 direct, 2 indirect)
Ecosystem-wide dependent count for version 11.17.0.
DescriptionGitHub Advisory
Summary
Directus' GraphQL endpoints (/graphql and /graphql/system) did not deduplicate resolver invocations within a single request. An authenticated user could exploit GraphQL aliasing to repeat an expensive relational query many times in a single request, forcing the server to execute a large number of independent complex database queries concurrently, multiplying database load linearly with the number of aliases. The existing token limit on GraphQL queries still permitted enough aliases for significant resource exhaustion, while the relational depth limit applied per alias without reducing the total number executed. Rate limiting is disabled by default, meaning no built-in throttle prevented this from causing CPU, memory, and I/O exhaustion that could degrade or crash the service. Any authenticated user, including those with minimal read-only permissions, could trigger this condition.
Fix
A request-scoped resolver deduplication mechanism was introduced and applied broadly across all GraphQL read resolvers, both system and items endpoints. When multiple aliases in a single request invoke the same resolver with identical arguments, only the first call executes; all subsequent aliases share its result. This eliminates the amplification factor regardless of how many aliases a query contains.
Impact
- Service degradation or outage: Concurrent complex database queries exhaust the connection pool and server resources, affecting all users
- Low privilege required: Any authenticated user, including those with read-only access to a single collection, can trigger this condition
- Linear scaling: Impact scales with the number of aliases and depth of relational queries
- Compounded by concurrency: Multiple simultaneous requests multiply the effect further
AnalysisAI
Directus GraphQL endpoints fail to deduplicate resolver invocations within single requests, allowing authenticated users to exploit GraphQL aliasing for denial-of-service attacks. An attacker with minimal read-only permissions can repeat expensive relational queries using multiple aliases in a single request, forcing concurrent execution of numerous complex database queries that exhaust connection pools and server resources, potentially degrading or crashing the service. No public exploit code has been identified, and this vulnerability requires prior authentication to the Directus instance.
Technical ContextAI
Directus exposes GraphQL endpoints at /graphql and /graphql/system that process complex relational queries against backend databases. The vulnerability stems from CWE-400 (Uncontrolled Resource Consumption) - specifically, the GraphQL resolver layer did not implement request-scoped deduplication of identical resolver calls. GraphQL's aliasing feature allows a single query to invoke the same resolver multiple times with identical arguments under different alias names. Without deduplication, each alias triggers an independent resolver execution and database query, amplifying resource consumption linearly. While token limits and relational depth limits existed, they applied per-alias rather than per-request, and rate limiting was disabled by default, providing no throttle on the attack. The affected product is the npm package 'directus' across versions vulnerable to this resolver exhaustion pattern.
RemediationAI
Upgrade the 'directus' npm package to the patched version released by Directus that includes request-scoped resolver deduplication. Exact patched version numbers must be confirmed from the Directus security advisory (https://github.com/directus/directus/security/advisories/GHSA-ph52-67fq-75wj). As an interim mitigation before patching, enable and configure rate limiting in Directus configuration to throttle GraphQL requests per authenticated user, or restrict GraphQL endpoint access via reverse proxy rate limiting (e.g., nginx, AWS WAF, Cloudflare). Monitor database connection pool utilization and server CPU/memory under load from authenticated users. If Directus is exposed only to trusted internal users, the risk is substantially lower, but patch deployment remains recommended for defense-in-depth.
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-ph52-67fq-75wj