CVE-2026-32621
Apollo · Federation
A prototype pollution vulnerability in Apollo Federation's query plan execution allows attackers to pollute Object.prototype, potentially leading to remote code execution or denial of service.
Executive summary
Apollo Federation is vulnerable to a critical prototype pollution flaw that allows malicious clients or compromised subgraphs to compromise the integrity of the entire gateway.
Vulnerability
A flaw in the gateway's query plan execution lets attacker-controlled keys reach Object.prototype while subgraph results are merged into the response object. Two parties control those keys: a malicious client, through the field aliases and variables it supplies (an alias is the client's way to choose the key a result is written under), and a compromised or malicious subgraph, through the JSON response payload the gateway merges. In either path the key names to expect are the ones that resolve to the prototype chain on a plain object: __proto__, constructor and prototype.
Business impact
Prototype pollution in a central gateway like Apollo Federation is a Critical risk (CVSS 9.9). It can lead to Remote Code Execution (RCE), bypass of security logic, or persistent Denial of Service (DoS) across the entire application graph. This affects the core architecture of the organization's API ecosystem.
Remediation
Immediate Action: Update Apollo Federation to version 2.9.6, 2.10.5, 2.11.6, 2.12.3, 2.13.2, or later to address the pollution flaw.
Proactive Monitoring: Audit GraphQL operations for aliases named __proto__, constructor or prototype, and inspect subgraph responses for JSON objects carrying those keys, since those are the names that reach Object.prototype when merged into a plain object.
Compensating Controls: Enforce strict schema validation on incoming operations, and harden the Node.js runtime rather than relying on a separate library: a single Object.freeze(Object.prototype) at process startup rejects any later write to it, and Node's --disable-proto=delete (or --disable-proto=throw) removes the __proto__ accessor. Test both under realistic load before rollout, because libraries that extend Object.prototype will break, and note that --disable-proto alone still leaves the constructor.prototype path open, so it does not replace the patch.
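The following is an added illustration, not Apollo Federation code and not the vulnerable code path of this CVE: a naive recursive merge of the kind that pollutes Object.prototype when its keys come from client aliases or subgraph JSON, beside a hardened merge, plus the two monitoring checks described above (alias scan on the operation text, reserved-key scan on a parsed subgraph payload). The function names, the key denylist and the sample payload are assumptions made for the example; mergeNaive is deliberately vulnerable so the effect is visible.

```javascript
// Added example, not Apollo Federation code. Names and the sample payload are
// assumptions made for this illustration.

const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable merge: treats every key of `src` as a data key. With src parsed
// from '{"__proto__": {...}}', target['__proto__'] resolves to Object.prototype
// and the recursion writes into it, polluting every object in the process.
function mergeNaive(target, src) {
  for (const key in src) {
    if (isPlainObject(src[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeNaive(target[key], src[key]);
    } else {
      target[key] = src[key];
    }
  }
  return target;
}

// Hardened merge: refuse reserved keys outright, iterate own keys only, and
// build nested objects with a null prototype so there is nothing to reach.
function mergeSafe(target, src) {
  for (const key of Object.keys(src)) {
    if (DANGEROUS_KEYS.has(key)) {
      throw new Error(`refusing to merge reserved key: ${key}`);
    }
    const value = src[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = Object.create(null);
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Monitoring check 1: aliases are the client's way to pick response keys, so
// an operation whose alias is a reserved name is worth an alert. A regex is
// enough for a log filter; it also matches argument names of the same form,
// so treat hits as leads to review, not as proof of exploitation.
const ALIAS_RE = /\b(__proto__|constructor|prototype)\s*:/g;

function suspiciousAliases(operationText) {
  return [...operationText.matchAll(ALIAS_RE)].map((m) => m[1]);
}

// Monitoring check 2: walk a parsed subgraph JSON payload and report the path
// of every reserved key. JSON.parse stores "__proto__" as an own property, so
// Object.keys sees it even though a literal {__proto__: ...} would not.
function reservedKeyPaths(value, path = '') {
  const hits = [];
  if (!isPlainObject(value) && !Array.isArray(value)) return hits;
  for (const key of Object.keys(value)) {
    const p = path ? `${path}.${key}` : key;
    if (DANGEROUS_KEYS.has(key)) hits.push(p);
    hits.push(...reservedKeyPaths(value[key], p));
  }
  return hits;
}

// Constructed subgraph payload for the demonstration (not a real capture).
const SAMPLE_SUBGRAPH_RESPONSE =
  '{"data":{"user":{"id":"1","__proto__":{"polluted":true}}}}';
```

Running mergeNaive over the parsed sample payload leaves ({}).polluted === true for the rest of the process, which is the persistence that makes the DoS and logic-bypass outcomes in the business-impact section possible; mergeSafe throws on the same input, and reservedKeyPaths reports data.user.__proto__ so the payload can be dropped and logged before any merge happens.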
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the CVSS score of 9.9 and the central role Apollo Federation plays in modern API architectures, this update must be applied immediately. Security teams should coordinate with development teams to ensure all gateways and subgraphs are running the patched versions to maintain the integrity of the unified graph.