CVE-2026-1173
Denial of Service in Birkir Prime GraphQL Array Handler
Publication date: 2026-01-19
Last updated on: 2026-02-23
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| birkir | prime | to 0.4.0.beta.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability causes a denial of service (DoS) by allowing attackers to overload the server with multiple GraphQL queries in a single request, impacting system availability. While this affects availability, there is no specific information provided about impacts on confidentiality or integrity of data, or direct effects on compliance with standards like GDPR or HIPAA. Therefore, the effect on compliance with such regulations is not explicitly detailed in the provided resources. [1, 2, 3]
Can you explain this vulnerability to me?
CVE-2026-1173 is a denial of service (DoS) vulnerability in birkir prime up to version 0.4.0.beta.0, specifically in its GraphQL implementation. The vulnerability occurs because the GraphQL server improperly supports receiving an array of queries within a single HTTP request instead of limiting requests to a single query. This allows attackers to batch multiple queries together in one request, which can overload the server by consuming excessive resources and cause service disruption. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by causing denial of service on the affected system. Attackers can remotely send specially crafted requests containing multiple GraphQL queries batched together, which overloads the server's resources and disrupts availability. This can lead to service outages or degraded performance, affecting users' ability to access the service. The attack requires no authentication and can be easily executed using publicly available proof-of-concept exploits. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for POST requests to the /graphql endpoint that contain a JSON array of multiple GraphQL queries in a single request, which is not typical behavior. A suggested detection method is to capture and inspect HTTP traffic for such batched queries. For example, using curl to simulate the exploit: curl -X POST -H "Content-Type: application/json" -d '[{"query":"query cop { __typename }"},{"query":"query cop { __typename }"}, ...]' http://target/graphql. Network intrusion detection systems (NIDS) can be configured to alert on POST requests with JSON arrays to /graphql. Additionally, log analysis on the server side for unusually high resource consumption or multiple queries in one request can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting the ability of the GraphQL server to accept batched queries (i.e., arrays of queries in a single request) at the /graphql endpoint. Since no patches or official fixes are currently available, consider implementing rate limiting, request size limits, or firewall rules to block suspicious POST requests containing multiple queries. Monitoring and alerting on unusual traffic patterns targeting /graphql can help. If possible, replace the affected birkir prime version with an alternative product or version that does not have this vulnerability to avoid exploitation risks. [3]