CVE-2026-1170
Information Disclosure in Birkir Prime GraphQL API via Remote Manipulation
Publication date: 2026-01-19
Last updated on: 2026-02-23
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| birkir | prime | to 0.4.0.beta.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1170 is an information disclosure vulnerability in birkir prime up to version 0.4.0.beta.0, specifically affecting the GraphQL API endpoint /graphql. The vulnerability occurs because the GraphQL feature enables Introspection Queries by default, allowing an attacker to remotely perform Introspection Query attacks. These attacks reveal detailed information about the GraphQL API's schema, including types and fields, exposing sensitive internal API structure and metadata without requiring authentication. [1, 3]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive information about the internal structure and capabilities of the GraphQL API. Attackers can use this information to better understand the system and craft further targeted attacks, potentially compromising confidentiality. Since the attack can be performed remotely without authentication and a public exploit exists, the risk of exploitation is significant. There are no known countermeasures currently, and the affected product has not responded to the issue. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending GraphQL Introspection Queries to the /graphql endpoint of the birkir prime system. For example, you can use a curl command to send a POST request with an Introspection Query to check if the GraphQL API allows schema introspection, which indicates the vulnerability. A sample command is: curl -X POST -H "Content-Type: application/json" --data '{"query":"{ __schema { types { name } } }"}' http://<target-host>/graphql If the response returns detailed schema information, the system is vulnerable to this information disclosure issue. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Currently, no official patches or countermeasures have been provided by the birkir prime project. Immediate mitigation steps include disabling GraphQL Introspection Queries if possible, restricting access to the /graphql endpoint to trusted users or networks, or replacing the affected product with an alternative that does not expose this vulnerability. Monitoring and blocking suspicious requests targeting the /graphql endpoint can also help reduce risk until a fix is available. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability leads to unauthorized disclosure of sensitive internal API information, which can compromise confidentiality. Such information disclosure could potentially violate data protection requirements under standards like GDPR and HIPAA, which mandate safeguarding sensitive data and preventing unauthorized access. However, the provided resources do not explicitly discuss compliance impacts or regulatory consequences. [1, 2, 3]