CVE-2026-47707: Strawberry GraphQL Fragment Spread Alias Bypass DoS
Strawberry GraphQL, a Python library for building GraphQL APIs, contains a flaw in its MaxAliasesLimiter security extension that allows attackers to bypass protective limits on query aliases. The vulnerability exists because the extension counts static aliases correctly but fails to account for how fragment spreads multiply and amplify those aliases during execution. An attacker can craft a malicious GraphQL query using fragment spreads to force the server to resolve far more aliases than the configured limit permits, exhausting server resources and causing a denial of service. The issue affects versions 0.172.0 through 0.315.6; version 0.315.7 and later contain the fix.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Weaknesses (CWE)
- CWE-400
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-04 / 2026-06-17
NVD description (verbatim)
Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not consider how many times a fragments internal aliases are expanded during execution. this allows an attacker to bypass alias limits and force the server to resolve and render a significantly higher number of aliases than allowed, potentially leading to a dos via resource exhaustion. Version 0.315.7 contains a fix for the issue.
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The MaxAliasesLimiter extension in Strawberry GraphQL implements alias counting at the Abstract Syntax Tree (AST) level to prevent query amplification attacks. However, it does not track the multiplicative expansion of aliases that occurs when FragmentSpreadNode references are resolved and executed. When a fragment containing multiple aliases is spread (reused) multiple times across a query, the actual number of alias resolutions at runtime exceeds the statically counted value by the number of spreads. An attacker can exploit this discrepancy by structuring a query with nested or repeated fragment spreads to cause exponential or linear alias multiplication, bypassing the configured limit and forcing excessive resolver execution. CWE-400 (Uncontrolled Resource Consumption) classifies this issue.
Business impact
For organizations operating Strawberry GraphQL endpoints, successful exploitation results in denial of service without requiring authentication or special privileges. Attackers can make legitimate services unavailable by sending specially crafted queries that force excessive computational work. This impacts API availability and user experience, particularly for public or semi-public GraphQL APIs. The low authentication barrier (none required) and network accessibility make this a practical threat in production environments. Organizations relying on alias limits for query cost control or rate-limiting strategies will find those protections circumvented.
Affected systems
All deployments of Strawberry GraphQL versions 0.172.0 through 0.315.6 are vulnerable. Organizations using earlier versions (prior to 0.172.0) or version 0.315.7 and later are not affected. The vulnerability is present in the core library; exposure depends on whether the MaxAliasesLimiter extension is actively configured and enabled in the GraphQL schema.
Exploitability
Exploitability is high. No authentication, user interaction, or special network positioning is required; an attacker needs only network access to the GraphQL endpoint. Crafting a malicious query requires understanding of GraphQL fragment spreads and alias mechanics, but this knowledge is well within the capability of competent attackers. Public documentation on GraphQL query optimization makes the attack pattern discoverable. The CVSS vector (AV:N/AC:L/PR:N/UI:N) reflects this accessibility. Real-world exploitation likelihood is elevated given the specificity of the flaw and the availability of GraphQL debugging tools.
Remediation
Upgrade Strawberry GraphQL to version 0.315.7 or later immediately. This version includes a corrected MaxAliasesLimiter that properly accounts for fragment spread expansion. Test the upgraded library in a staging environment to ensure compatibility with your GraphQL schema and resolver implementations before production deployment. If immediate upgrading is not feasible, consider disabling the MaxAliasesLimiter temporarily and implementing alternative query cost or complexity controls at the application or network layer until patching is completed.
Patch guidance
Verify your current Strawberry GraphQL version by checking your dependency lock file or running pip show strawberry-graphql in your Python environment. Update to version 0.315.7 or any later version by running pip install --upgrade strawberry-graphql and then restarting your GraphQL service. Strawberry's versioning follows semantic versioning; no breaking changes are expected between 0.315.6 and 0.315.7. Consult the official Strawberry changelog at https://github.com/strawberry-graphql/strawberry/releases for any migration notes specific to your deployment.
Detection guidance
Monitor GraphQL query logs for unusual patterns of alias usage, particularly queries containing multiple nested or repeated fragment spreads that expand to significantly more aliases than statically visible in the query text. If query monitoring is enabled, look for sudden spikes in alias count metrics relative to query complexity scores. Network-level detection is challenging but possible: inspect GraphQL request payloads for fragment spread patterns combined with high alias counts. Alerting on queries that exceed your configured alias limit (if logged separately) can identify attack attempts. Consider implementing query depth and complexity analysis that evaluates the runtime expansion of fragments to catch similar bypasses.
Why prioritize this
Though the CVSS score is moderate (5.3/MEDIUM), prioritization should be elevated due to the unauthenticated, network-accessible nature of the attack and its direct impact on availability. Organizations operating public GraphQL APIs or those for which availability is critical should treat this as a higher priority than the base score suggests. The fix is straightforward (a patch version upgrade), which supports rapid remediation. If your deployment does not use MaxAliasesLimiter or uses alternative query cost controls, urgency is lower but patching remains advisable.
Risk score, explained
The CVSS:3.1 score of 5.3 reflects low impact (availability only, no confidentiality or integrity breach), but the attack vector is network-based with no authentication or user interaction required. The score appropriately captures a denial-of-service scenario that is accessible but not catastrophic. However, practical risk to a specific organization depends on query cost strategy, the presence of downstream rate-limiting, and the criticality of the GraphQL endpoint. A public API with heavy reliance on alias limits warrants higher internal risk scoring than an internal service with defense-in-depth controls.
Frequently asked questions
Do I need to upgrade if I do not use the MaxAliasesLimiter extension?
If you have not explicitly configured or enabled the MaxAliasesLimiter extension in your Strawberry schema, this vulnerability does not directly affect you. However, upgrading remains recommended as a best practice for security maintenance. Check your schema definition for any references to MaxAliasesLimiter in extension configuration.
Can this vulnerability be exploited without sending a query to the GraphQL endpoint?
No. The attacker must have network access to send a crafted GraphQL query to the endpoint. There is no out-of-band exploitation mechanism. If your GraphQL endpoint is behind authentication, network segmentation, or a WAF that validates query patterns, your risk is reduced.
What is a fragment spread and why does it matter for this vulnerability?
A fragment spread is a GraphQL feature that allows you to reuse a set of fields across multiple queries or within a single query. For example, a fragment might define a set of aliases for a field. When that fragment is spread (referenced) multiple times, the aliases within it are executed multiple times, multiplying the total alias count. The MaxAliasesLimiter failed to account for this multiplication, allowing attackers to bypass the limit.
If I am already running version 0.315.7 or later, am I protected?
Yes. Version 0.315.7 includes the fix and properly counts aliases across fragment spread expansions. Verify your version with pip show strawberry-graphql and confirm the version number is 0.315.7 or later.
This analysis is based on published CVE data and vendor advisories as of the date of writing. Threat actors may develop novel exploitation techniques not described here. Organizations should verify patch applicability against their specific deployment configuration and test in non-production environments before applying updates. SEC.co does not endorse or distribute exploit code or proof-of-concept demonstrations. For official guidance, refer to the Strawberry GraphQL project repository and security advisories. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-47706MEDIUMStrawberry GraphQL QueryDepthLimiter Denial of Service
- CVE-2019-25721MEDIUMDräger Infinity M300 Denial-of-Service Vulnerability – Network-Induced Device Reboots
- CVE-2019-25724MEDIUMDräger Infinity M300 Denial-of-Service Vulnerability Impact on Patient Monitoring
- CVE-2025-48648MEDIUMAndroid NotificationManagerService Resource Exhaustion DoS
- CVE-2026-0042MEDIUMAndroid UBSan Resource Exhaustion Denial of Service
- CVE-2026-0069MEDIUMAndroid Resource Exhaustion in APK Signature Verification
- CVE-2026-0074MEDIUMAndroid LauncherProcessImageListener Denial of Service Vulnerability
- CVE-2026-10156MEDIUMOpen5GS Resource Exhaustion Vulnerability in nf-instances Endpoint