[MEDIUM] graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation

PKSA-7h5p-prw9-w5nr CVE-2026-40476 GHSA-68jq-c3rv-pcrr

Affected version: <=15.31.4

Reported by:
GitHub