CVE-2026-1172
Denial of Service in Birkir Prime GraphQL Directive Handler

Publication date: 2026-01-19

Last updated on: 2026-02-23

Assigner: VulDB

Description
A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The affected element is an unknown function of the file /graphql of the component GraphQL Directive Handler. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-01-19
Last Modified: 2026-02-23
Generated: 2026-05-06
AI Q&A: 2026-01-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
birkir | prime | to 0.4.0.beta.0 (inc)
CWE
CWE ID | Description
CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-1172 is a denial of service vulnerability in birkir prime up to version 0.4.0.beta.0, caused by GraphQL directive overloading. In GraphQL queries, the same directive can be applied multiple times at the same location, and the server processes each instance independently. This can lead to excessive consumption of computing resources, causing resource exhaustion and denial of service by overloading the server with repeated directive processing. [1, 3]


How can this vulnerability impact me?

This vulnerability can impact you by causing a denial of service (DoS) on the affected birkir prime server. An attacker can remotely exploit this issue without authentication by sending specially crafted GraphQL queries with repeated directives, leading to resource exhaustion and making the service unavailable. There are no known mitigations or patches, and the vulnerability remains unaddressed by the vendor, which means the service could be disrupted until an alternative solution is implemented. [1, 2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for GraphQL queries that contain repeated directives at the same location, such as multiple instances of the same directive (e.g., '@aa@aa@aa@aa@aa@aa@aa@aa@aa@aa'). You can capture and analyze GraphQL traffic to identify such patterns. Using tools like curl or HTTP clients, you can send crafted queries with repeated directives to test if the server is vulnerable. For example, a curl command to test might be: curl -X POST -H "Content-Type: application/json" --data '{"query":"{ someField @aa @aa @aa }"}' https://yourserver/graphql. Monitoring server logs for excessive resource consumption or denial of service symptoms when such queries are received can also help detect exploitation attempts. [1, 3]


What immediate steps should I take to mitigate this vulnerability?

Currently, there are no known patches or vendor responses to mitigate this vulnerability. Immediate steps include considering replacing the affected product (birkir prime ≤ 0.4.0.beta.0) with an alternative that is not vulnerable. Additionally, you can implement network-level protections such as rate limiting, input validation, or Web Application Firewall (WAF) rules to detect and block GraphQL queries with repeated directives to prevent resource exhaustion. Monitoring and alerting on unusual GraphQL query patterns can also help mitigate the impact until an official fix is available. [2]
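
The input-validation step described above can run in a proxy or middleware before the query reaches the GraphQL parser. The following is an added example, not code from birkir prime or from this advisory: the function name `inspectDirectives` and both limits are assumptions, and the queries at the bottom are constructed samples.

```javascript
// Added example (not code from birkir prime): pre-parse guard for repeated directives.
// Both limits are assumptions; schemas with `repeatable` directives need a higher per-location limit.
const MAX_SAME_DIRECTIVE_PER_LOCATION = 1;
const MAX_DIRECTIVES_PER_DOCUMENT = 50;

// Block strings, ordinary strings and comments: an '@' inside them is not a directive.
const LITERALS = /"""(?:\\"""|[\s\S])*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*/g;
// Directives, brackets, and every other run of non-ignored characters (commas are ignored in GraphQL).
const TOKENS = /@\s*[_A-Za-z]\w*|[(){}\[\]]|[^\s,@(){}\[\]]+|@/g;

function inspectDirectives(query) {
  const tokens = String(query).replace(LITERALS, ' ').match(TOKENS) || [];
  let total = 0;
  let worst = { name: null, count: 0 };
  let run = new Map(); // directive name -> occurrences at the current location
  for (let i = 0; i < tokens.length; i++) {
    const t = tokens[i];
    if (t.length > 1 && t[0] === '@') {
      const name = t.slice(1).trim();
      total++;
      const n = (run.get(name) || 0) + 1;
      run.set(name, n);
      if (n > worst.count) worst = { name, count: n };
      if (tokens[i + 1] === '(') {
        // Skip this directive's argument list; it belongs to the same location.
        let depth = 0;
        do {
          i++;
          if (tokens[i] === '(') depth++;
          else if (tokens[i] === ')') depth--;
        } while (depth > 0 && i < tokens.length - 1);
      }
    } else {
      run = new Map(); // any other token starts a new location
    }
  }
  let reason = null;
  if (worst.count > MAX_SAME_DIRECTIVE_PER_LOCATION) {
    reason = `@${worst.name} repeated ${worst.count} times at one location`;
  } else if (total > MAX_DIRECTIVES_PER_DOCUMENT) {
    reason = `${total} directives in one document`;
  }
  return { allowed: reason === null, total, worst, reason };
}

// Constructed sample inputs.
const flagged = inspectDirectives('{ someField @aa @aa @aa }');
const clean = inspectDirectives('query ($x: Boolean!) { a @include(if: $x) b @include(if: $x) c(t: "@aa @aa") @skip(if: false) }');
console.log(flagged.reason, '|', clean.allowed);
```

Rejecting on `allowed === false` and logging `reason` gives both the block and the alerting signal; text inside string literals and comments is ignored so legitimate arguments containing `@` are not flagged.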

