Apollo Server

1 CVE (product)

CVE-2026-23897 HIGH PATCH This Week

Apollo Server's standalone mode (versions 2.0.0-3.13.0, 4.2.0-4.12.x, and 5.0.0-5.3.x) is vulnerable to denial of service attacks when processing GraphQL requests with non-standard character set encodings, allowing unauthenticated remote attackers to crash the service. This vulnerability only affects direct usage of startStandaloneServer and does not impact applications using Apollo Server through integration packages. No patch is currently available.

Denial Of Service Apollo Server
NVD GitHub VulDB
CVSS 3.1: 7.5
EPSS: 0.1%
