The Sched app allows you to build your schedule but you must also be registered for GraphQLConf 2026 to participate in the sessions.
Please note: This schedule is automatically displayed in Pacific Daylight Time (UTC-7). To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.
IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
Sign up or log in to add sessions to your schedule and sync them to your phone or calendar.
Fragments—an indispensable tool for modularizing data requirements alongside client code, but also a denial-of-service attack vector for servers. Security guides will tell you to mitigate by validating queries and performing cost analysis, usually via field costs and list sizes. However, this focus on field execution can distract from how fragments affect the rest of the server stack. In this lightning talk, we explore the attack patterns and mitigation strategies for the fragment-based vulnerabilities at the core of CVE-2025-31496, CVE-2025-32030, CVE-2025-32033, and CVE-2025-32034.
