CVE-2026-35523
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connection_init handshake has been completed before processing start (subscription) messages. This allows a remote attacker to skip the on_ws_connect authentication hook entirely by connecting with the graphql-ws subprotocol and sending a start message directly, without ever sending connection_init.
The graphql-transport-ws subprotocol handler is not affected, as it correctly gates subscription operations on a connection_acknowledged flag. However, both subprotocols are enabled by default in all framework integrations that support websockets, and the subprotocol is selected by the client via the Sec-WebSocket-Protocol header.
Any application relying on on_ws_connect for authentication or authorization is affected.
Mitigation: Upgrade to the patched version, or explicitly disable the legacy graphql-ws subprotocol by setting subscription_protocols=[GRAPHQL_TRANSPORT_WS_PROTOCOL] on your GraphQL view/router.
AnalysisAI
Authentication bypass in Strawberry GraphQL WebSocket subscriptions (versions <0.312.3) allows unauthenticated remote attackers to access protected GraphQL subscription endpoints by exploiting the legacy graphql-ws subprotocol handler. Attackers can skip the on_ws_connect authentication hook by connecting with graphql-ws and sending subscription start messages without completing the connection_init handshake. No public exploit identified at time of analysis, though exploitation is straightforward given the protocol-level nature of the bypass. CVSS 7.5 reflects network-accessible unauthenticated attack with high confidentiality impact.
Technical ContextAI
Strawberry is a Python GraphQL library (pkg:pip/strawberry-graphql) that supports WebSocket-based GraphQL subscriptions via two subprotocols: the legacy graphql-ws and the newer graphql-transport-ws. The vulnerability stems from improper access control (CWE-306) in the graphql-ws handler implementation. In a correct WebSocket subscription flow, clients must complete a connection_init handshake before the server processes subscription operations. The graphql-transport-ws handler enforces this via a connection_acknowledged flag that gates subsequent messages. However, the legacy graphql-ws handler fails to verify handshake completion before processing start messages, allowing clients to bypass the on_ws_connect authentication hook entirely. Because both subprotocols are enabled by default across all framework integrations (ASGI, Django, FastAPI, etc.) and clients select the protocol via the Sec-WebSocket-Protocol HTTP header, attackers can trivially force use of the vulnerable handler regardless of server configuration preferences.
RemediationAI
Vendor-released patch: version 0.312.3 (released at https://github.com/strawberry-graphql/strawberry/releases/tag/0.312.3). Upgrade strawberry-graphql to version 0.312.3 or later via pip install --upgrade strawberry-graphql to apply the fix implemented in commit 0977a4e6b41b7cfe3e9d8ba84a43458a2b0c54c2. For environments where immediate upgrade is not feasible, explicitly disable the vulnerable legacy graphql-ws subprotocol by configuring subscription_protocols=[GRAPHQL_TRANSPORT_WS_PROTOCOL] on GraphQL view or router instances, forcing clients to use only the secure graphql-transport-ws protocol. Review application logs for suspicious WebSocket connection patterns where start messages appear without preceding connection_init messages, particularly connections specifying graphql-ws in Sec-WebSocket-Protocol headers. Consult the GitHub security advisory at https://github.com/strawberry-graphql/strawberry/security/advisories/GHSA-vpwc-v33q-mq89 for additional vendor guidance.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-vpwc-v33q-mq89