CVE-2026-1169
Cross-Site Request Forgery in Birkir Prime up to 0.4.0.beta
Publication date: 2026-01-19
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | birkir_prime | to 0.4.0.beta.0 (inc) |
| birkir | prime | to 0.4.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1169 is a Cross-Site Request Forgery (CSRF) vulnerability in birkir prime versions up to 0.4.0.beta.0. It arises because the GraphQL implementation allows client queries via HTTP GET requests without proper CSRF protections. Attackers can craft malicious GET requests that execute unauthorized actions on behalf of privileged users without their consent. This means an attacker can trick a user into executing unwanted actions remotely by exploiting the way the application handles these GET requests. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can allow attackers to perform unauthorized actions on your behalf if you are a privileged user of birkir prime. Since the exploit can be launched remotely and does not require authentication, attackers can trick users into executing malicious requests that compromise the integrity of the system. This can lead to manipulation of data or actions within the application without the user's knowledge or consent. The exploit is easy to perform and publicly available, increasing the risk of exploitation. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP GET requests containing GraphQL query parameters sent to the birkir prime application endpoints. A practical detection method is to look for unusual or unauthorized GET requests that include GraphQL queries, which may indicate exploitation attempts. A suggested command to test or detect the vulnerability is using curl to send a crafted GET request with a GraphQL query parameter to the target endpoint, for example: curl -G 'http://target/endpoint' --data-urlencode 'query={maliciousQuery}'. Monitoring logs for such requests can help identify potential exploitation. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting the use of HTTP GET requests for GraphQL queries in birkir prime, as this is the root cause enabling CSRF attacks. Since the project maintainers have not provided any fixes or countermeasures yet, consider implementing CSRF protections such as requiring anti-CSRF tokens or switching to POST requests for GraphQL queries. If mitigation is not feasible, consider replacing the affected product with an alternative that does not have this vulnerability. [3]