Skip to content

Apollo Federation vulnerable to prototype pollution via incomplete key sanitization

Critical severity GitHub Reviewed Published Mar 13, 2026 in apollographql/federation • Updated Mar 13, 2026

Package

npm @apollo/federation-internals (npm)

Affected versions

< 2.9.6
>= 2.10.0, < 2.10.5
>= 2.11.0, < 2.11.6
>= 2.12.0, < 2.12.3
>= 2.13.0, < 2.13.2

Patched versions

2.9.6
2.10.5
2.11.6
2.12.3
2.13.2
npm @apollo/gateway (npm)
< 2.9.6
>= 2.10.0, < 2.10.5
>= 2.11.0, < 2.11.6
>= 2.12.0, < 2.12.3
>= 2.13.0, < 2.13.2
2.9.6
2.10.5
2.11.6
2.12.3
2.13.2
npm @apollo/query-planner (npm)
< 2.9.6
>= 2.10.0, < 2.10.5
>= 2.11.0, < 2.11.6
>= 2.12.0, < 2.12.3
>= 2.13.0, < 2.13.2
2.9.6
2.10.5
2.11.6
2.12.3
2.13.2

Description

Impact

A vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target prototype-inheritable properties. Alternatively, if a subgraph were to be compromised by a malicious actor, they may be able to pollute Object.prototype in gateway by crafting JSON response payloads that target prototype-inheritable properties.

Because Object.prototype is shared across the Node.js process, successful exploitation can affect subsequent requests to the gateway instance. This may result in unexpected application behavior, privilege escalation, data integrity issues, or other security impact depending on how polluted properties are subsequently consumed by the application or its dependencies. As of the date of this advisory, Apollo is not aware of any reported exploitation of this vulnerability.

Patches

Mitigations addressing prototype pollution exposure have been applied in @apollo/federation-internals, @apollo/gateway, and @apollo/query-planner versions 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2. Users are encouraged to upgrade to these versions or later at their earliest convenience.

Workarounds

A fully effective workaround is not available without a code change. As an interim measure, users who are unable to upgrade immediately may consider placing an input validation layer in front of the gateway to filter operations containing GraphQL names matching known Object.prototype pollution patterns (e.g., __proto__, constructor, prototype). Users should also ensure that subgraphs in their federated graph originate from trusted sources.

References

@dcwalter dcwalter published to apollographql/federation Mar 13, 2026
Published to the GitHub Advisory Database Mar 13, 2026
Reviewed Mar 13, 2026
Last updated Mar 13, 2026

Severity

Critical

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
Low

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(8th percentile)

Weaknesses

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. Learn more on MITRE.

CVE ID

CVE-2026-32621

GHSA ID

GHSA-pfjj-6f4p-rvmh

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.