Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 16 Jul 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | remorses/genql before version 6.3.4 allows an authenticated attacker with control of the GraphQL schema that is passed to genql to inject arbitrary JavaScript or TypeScript. The malicious code is injected into the generated schema.ts file and executes when the genql client is bundled and imported. | |
| Title | remorses/genql code injection | |
| Weaknesses | CWE-116 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: cisa-cg
Published:
Updated: 2026-07-16T19:14:30.532Z
Reserved: 2026-07-16T18:33:57.457Z
Link: CVE-2026-63397
No data.
No data.
No data.
OpenCVE Enrichment
No data.