GraphQL Endpoint Supports Introspection
- Risk:
Informational
- Type:
- Tool
- Summary
The GraphQL endpoint has Introspection enabled. Introspection allows clients to query the schema and retrieve detailed information about the fields, types, inputs, etc. supported by the GraphQL endpoint. This may be valuable to an attacker, as it could enable them to craft more targeted queries.
- Solution
Disable Introspection on the GraphQL endpoint.
Oracle silently fixes zero-day exploit leaked by ShinyHunters
CISA: High-severity Windows SMB flaw now exploited in attacks
Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)
Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT
New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
New FileFix attack uses cache smuggling to evade security software
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
Over 75,000 WatchGuard security devices vulnerable to critical RCE
CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
CVE-2022-48503 Apple Multiple Products Unspecified Vulnerability
CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability
CVE-2021-43226 Microsoft Windows Privilege Escalation Vulnerability
CVE-2025-33073 Microsoft Windows SMB Client Improper Access Control Vulnerability
CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability
CVE-2023-20273 Cisco IOS XE Web UI Command Injection Vulnerability
CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
Free online web security scanner