1. Strawberry GraphQL WebSocket Authentication Bypass Exposed in CVE-2026-35523
A critical security flaw in the Strawberry GraphQL framework allows attackers to bypass authentication on WebSocket subscription endpoints. The vulnerability, tracked as CVE-2026-35523, is present in all versions up to 0.312.2. The core failure lies in the legacy `graphql-ws` subprotocol handler, which processes subscr...