CVE-2026-42794 | absinthe-graphql absinthe_plug up to 1.2.0 graphiql.ex cross site scripting (Issue 275)

A vulnerability described as problematic has been identified in absinthe-graphql absinthe_plug up to 1.2.0. Affected by this vulnerability is the function absinthe_plug in the library lib/absinthe/plug/graphiql.ex. Such manipulation leads to cross site scripting.

This vulnerability is listed as CVE-2026-42794. The attack may be performed from remote. There is no available exploit.

It is best practice to apply a patch to resolve this issue.VulDB Recent EntriesRead More