--- Vulnerability Information Title Improper Enforcement of Renamed Access Control Directives Severity High CVSS: 7.5 / 10 Affected Versions : < 1.61.12, < 2.8.1 : < 1.61.12, < 2.8.1 : < 1.61.12, < 2.8.1 : < 1.61.12, < 2.8.1 Fixed Versions : 1.61.12, 2.8.1 : 1.61.12, 2.8.1 : 1.61.12, 2.8.1 : 1.61.12, 2.8.1 Vulnerability Description Apollo Router contains a vulnerability that allows unauthorized access to protected data through schema elements using renamed access control directives (such as , , and ). Impact Affects customers using Apollo Router, particularly those who define schema elements that import renamed access control directives via . Solution Upgrade Apollo Router to version 1.61.12+ or 2.8.1+. Users not using renamed access control directives are not affected. Temporary Mitigation If immediate upgrade is not possible, remove any renamed access control directives from imports. Users not using Apollo Router or renamed access control directives do not need to take action.