Why scanners fail on GraphQL
Vulnerability scanners are designed for REST APIs: they test each endpoint, each HTTP method, each parameter. GraphQL has a single endpoint (/graphql), one method (POST), and a flexible query language. Automated tools miss the vulnerabilities specific to this paradigm.
Attack 1: introspection enabled in production
GraphQL offers an introspection feature that returns the complete schema: all types, all queries, all mutations, all fields. In production, this is the equivalent of publishing your complete API documentation including admin endpoints.
Test: send {"query": "{__schema{types{name fields{name}}}}"}. If it returns the schema, introspection is enabled.
Fix: disable introspection in production. On Apollo Server: introspection: false. But note that some internal monitoring tools may depend on it.
Attack 2: query batching to bypass rate limiting
GraphQL allows sending multiple operations in a single HTTP request. If rate limiting counts HTTP requests rather than GraphQL operations, the attacker sends hundreds of login mutations in one request for brute forcing.
Example: [{"query": "mutation { login(email:'admin', password:'pass1') { token } }"}, {"query": "mutation { login(email:'admin', password:'pass2') { token } }"}]
Fix: count individual GraphQL operations, not HTTP requests.
Attack 3: deep queries and Denial of Service
Circular relationships allow creating exponentially deep queries. { user { posts { author { posts { author { posts { ... } } } } } } } can consume gigabytes of server memory.
Fix: implement query depth limiting and query cost analysis. Libraries like graphql-depth-limit and graphql-cost-analysis exist for Node.js.
Attack 4: aliases for mass extraction
GraphQL aliases let you call the same field multiple times with different arguments in a single query: { u1: user(id:1) { email } u2: user(id:2) { email } u3: user(id:3) { email } }. The attacker extracts thousands of profiles in a few queries.
Fix: limit the number of aliases per query or implement cost analysis that counts aliases.
Attack 5: injection in directives and fragments
Custom directives and fragments can be injection vectors if their server-side processing isn't secured. Fragments also allow bypassing access controls if type resolution doesn't check authorization at each level.
Example: a fragment on a union type can reveal fields of a type the user shouldn't access if the check is only performed at the root query level.
What we recommend
CleanIssue systematically tests these five vectors during every GraphQL API audit. Request your audit call.
Related articles
Three adjacent analyses to keep exploring the same attack surface.
GraphQL API: 6 vulnerabilities that scanners don't detect
Introspection enabled, depth attacks, batching, IDOR via relay IDs — GraphQL flaws invisible to automated tools.
OWASP API Top 10: the 10 API flaws to know in 2026
Analysis of the 10 most critical API vulnerabilities per the OWASP API Security Top 10 2023, with practical examples for each category.
API and webhook vulnerabilities: the 2026 guide to the mistakes that really expose data
Reference guide to the API and webhook mistakes that create real exposure: BOLA, mass assignment, sensitive business flows, HMAC signatures, overly verbose docs, and over-trusting callbacks.
Sources
Editorial analysis based on official vendor, project, and regulator documentation.
Related services
If this topic maps to a real risk in your stack, these are the most relevant CleanIssue audits.