CVE-2026-1171
Denial of Service in Birkir Prime GraphQL Field Handler
Publication date: 2026-01-19
Last updated on: 2026-02-23
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| birkir | prime | up to 0.4.0.beta.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1171 is a vulnerability in birkir prime up to version 0.4.0.beta.0 involving the GraphQL Field Handler at the /graphql endpoint. The issue arises because the implementation executes the resolver function independently for each repeated field in a GraphQL query. Since GraphQL allows requesting the same field multiple times, this causes an amplification effect where redundant database queries or computations are performed repeatedly. An attacker can exploit this by sending a query with many repeated fields, causing excessive resource consumption and leading to a denial of service (DoS) condition on the server. [1, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing a remote attacker to cause a denial of service (DoS) on your server running birkir prime up to 0.4.0.beta.0. The attacker can send specially crafted GraphQL queries with duplicated fields that cause the server to perform excessive redundant processing, exhausting server resources. This can make the service unavailable to legitimate users. The attack requires no authentication and is easy to execute, with a public proof-of-concept exploit available. No patches or mitigations have been provided by the vendor, so the affected system remains vulnerable. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring GraphQL queries sent to the /graphql endpoint for repeated fields within a single query, especially the same field requested multiple times (e.g., __typename repeated hundreds of times). Detection can involve capturing and analyzing GraphQL requests to identify such duplication patterns that cause excessive resolver executions. Specific commands are not provided in the resources, but network traffic capture tools like tcpdump or Wireshark can be used to capture requests, and custom scripts or GraphQL query analyzers can be employed to detect repeated fields in queries. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include considering replacing the affected birkir prime product since no patches or countermeasures have been provided by the vendor. Additionally, monitoring and filtering GraphQL queries to block or limit requests containing duplicated fields can help reduce the risk. Implementing rate limiting or Web Application Firewall (WAF) rules to detect and block suspicious GraphQL queries with repeated fields may also mitigate exploitation attempts. [2]
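The detection and mitigation answers above both come down to one check: does a single selection set request the same field many times, directly or through aliases? The following is an added example (not part of the advisory, and not code from the Prime project) of a dependency-free pre-resolver check that a gateway or middleware could run on the raw query text before it reaches the GraphQL executor. It counts field names per selection set, resolves aliases to the underlying field (each aliased copy still runs the resolver), ignores argument values so input-object braces are not mistaken for selection sets, and returns a verdict that can be used to log or reject the request. The sample queries and the threshold of 10 are constructed for illustration; tune the threshold to the legitimate query shapes your schema serves.

```python
import re
from collections import Counter

# Constructed sample queries (not taken from the advisory or from any real traffic).
BENIGN_QUERY = """
query GetUser($id: ID!) {
  user(id: $id) {
    name
    email
    posts(first: 10) { title }
  }
}
"""
# Same field repeated hundreds of times in one selection set (the pattern the advisory describes).
DUPLICATED_QUERY = "{ " + "__typename " * 300 + "}"
# Repetition hidden behind aliases; every copy still executes the resolver.
ALIASED_QUERY = "{ " + " ".join(f"a{i}: user(id: 1) {{ name }}" for i in range(50)) + " }"

_TOKEN_RE = re.compile(
    r'\s+|,'                          # whitespace and commas are insignificant in GraphQL
    r'|#[^\n]*'                       # comments
    r'|"(?:\\.|[^"\\])*"'             # string literals
    r'|\.\.\.'                        # fragment spread / inline fragment marker
    r'|[A-Za-z_][A-Za-z0-9_]*'        # names: fields, aliases, keywords, types
    r'|-?\d+(?:\.\d+)?'               # numbers
    r'|[{}():!\[\]$=@|]'              # punctuators
)
_NAME_RE = re.compile(r'[A-Za-z_][A-Za-z0-9_]*')


def tokenize(query):
    """Split query text into significant tokens; raises on characters the lexer does not know."""
    tokens, pos = [], 0
    while pos < len(query):
        m = _TOKEN_RE.match(query, pos)
        if not m:
            raise ValueError(f"unexpected character at offset {pos}: {query[pos]!r}")
        text, pos = m.group(0), m.end()
        if text.strip() and text != ',' and not text.startswith('#'):
            tokens.append(text)
    return tokens


def field_counts(query):
    """Return one Counter of directly requested field names per selection set in the query.

    Aliases are resolved to the underlying field name. Tokens inside argument lists
    (including input-object braces) are skipped, so only real selection sets are counted.
    """
    tokens = tokenize(query)
    stack, finished, paren_depth = [], [], 0
    for i, tok in enumerate(tokens):
        if paren_depth > 0:               # inside arguments: track nesting, count nothing
            if tok == '(':
                paren_depth += 1
            elif tok == ')':
                paren_depth -= 1
            continue
        if tok == '{':
            stack.append(Counter())
        elif tok == '}':
            if not stack:
                raise ValueError("unbalanced '}' in query")
            finished.append(stack.pop())
        elif tok == '(':
            paren_depth += 1
        elif tok == ')':
            raise ValueError("unbalanced ')' in query")
        elif stack and _NAME_RE.fullmatch(tok):
            prev = tokens[i - 1] if i > 0 else None
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            if prev in ('...', '@', '$'):                  # fragment spread, directive, variable
                continue
            if prev == 'on' and i >= 2 and tokens[i - 2] == '...':   # inline fragment type condition
                continue
            if nxt == ':':                                  # alias: the real field name follows
                continue
            stack[-1][tok] += 1
    if stack:
        raise ValueError("unbalanced '{' in query")
    return finished


def max_repetition(query):
    """Largest number of times any single field appears within one selection set (1 = no duplication)."""
    return max((max(c.values()) for c in field_counts(query) if c), default=0)


def is_suspicious(query, threshold=10):
    """Verdict a gateway can use to log or reject a request before it reaches the resolvers.
    The threshold is a constructed default, not a value from the advisory."""
    return max_repetition(query) >= threshold


if __name__ == "__main__":
    for label, q in (("benign", BENIGN_QUERY), ("duplicated", DUPLICATED_QUERY), ("aliased", ALIASED_QUERY)):
        print(f"{label:10s} max repetition={max_repetition(q):4d} suspicious={is_suspicious(q)}")
```

Because the check runs on query text alone, it needs no schema and can sit in front of any GraphQL server as a WAF-style rule; the same `max_repetition` value is a useful field to log per request, since a sudden rise in it across traffic to /graphql is the signal the detection answer above asks you to watch for.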