CVE-2026-1174
Resource Consumption Vulnerability in Birkir Prime GraphQL Alias Handler
Publication date: 2026-01-19
Last updated on: 2026-02-23
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| birkir | prime | up to and including 0.4.0.beta.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1174 is a resource consumption vulnerability in birkir prime up to and including version 0.4.0.beta.0, in the GraphQL Alias Handler component behind the /graphql endpoint. GraphQL lets a client request the same field several times under different aliases, and the affected handler resolves every aliased copy, so a single query that repeats one field or operation under many aliases makes the server do the same work many times over. The result is excessive CPU and memory use that can exhaust the host and take the service down. The attack works remotely and without authentication, and a proof-of-concept exploit is publicly available. [1, 2, 3]
How can this vulnerability impact me?
The direct impact is denial of service: a query packed with aliased fields exhausts resources on the affected server, leaving the birkir prime instance slow or completely unavailable to its users. Because no authentication is needed, anyone who can reach /graphql can trigger it. Alias overloading also packs many copies of an operation into one HTTP request, so controls that count requests rather than resolved fields, such as per-request rate limiting, can be sidestepped. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Look for POST requests to /graphql whose query repeats the same field under many aliases; legitimate clients rarely need more than a handful. The published proof of concept is a JSON body whose query requests __typename under more than 100 aliases (alias0 through alias100), so a query with dozens of aliasN: __typename selections is a strong indicator, and a query of that shape can be replayed with curl against a test instance to confirm how the server behaves. Web server access logs normally record only the request line and body size, not the body itself, so detection needs request-body logging at the reverse proxy or GraphQL layer, or inspection of captured traffic; an unusually large POST body to /graphql from an unauthenticated source is itself worth a closer look. The resources provide no ready-made detection commands. [3]
What immediate steps should I take to mitigate this vulnerability?
No patch or fix was known as of the disclosure date, so mitigation has to happen around the application. The options are: replace birkir prime (up to and including 0.4.0.beta.0) with a product that is not affected; put a validation step in front of /graphql that rejects documents with more than a small number of aliases per field or in total, alongside query-depth and complexity limits; and restrict who can reach /graphql (authentication, IP allow-listing) with rate limiting on top. Rate limiting by request count alone is not enough, since one request carries the whole attack, so limit on aliases or resolved fields rather than on requests. [1]
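As an added example (not part of this page and not prime's own code), the following dependency-free Node.js snippet implements the alias check that the detection and mitigation answers above describe: it counts how many aliases each field appears under in a /graphql request body and returns a block verdict above a threshold, so the same function can run as a pre-execution guard or over captured request bodies. The thresholds MAX_ALIASES_PER_FIELD and MAX_TOTAL_ALIASES, the function names, and both sample bodies are assumptions; the PoC-shaped body is constructed to match the alias0..alias100 __typename shape described above, not copied from the published exploit.

```javascript
// Added example, not prime's own code: flag GraphQL alias overloading in a
// /graphql request body before any resolver runs. Both thresholds are assumptions
// to tune per schema; no real client should need this many aliases of one field.
const MAX_ALIASES_PER_FIELD = 10;
const MAX_TOTAL_ALIASES = 50;

// Blank out the places in a GraphQL document where "name: name" is not an alias:
// block strings, ordinary strings, comments, and the parenthesised argument and
// variable-definition lists. Parentheses never nest outside strings in GraphQL,
// so a single non-nesting pass is enough once strings are gone.
function normalizeQuery(query) {
  return query
    .replace(/"""[\s\S]*?"""/g, '""')
    .replace(/"(?:\\.|[^"\\\n])*"/g, '""')
    .replace(/#[^\n]*/g, '')
    .replace(/\([^()]*\)/g, '()');
}

// After normalisation every remaining "name: name" pair is an alias declaration.
const ALIAS_RE = /([_A-Za-z]\w*)\s*:\s*([_A-Za-z]\w*)/g;

// Map each selected field name to the number of aliases it appears under.
function countAliases(query) {
  const perField = new Map();
  for (const m of normalizeQuery(query).matchAll(ALIAS_RE)) {
    perField.set(m[2], (perField.get(m[2]) || 0) + 1);
  }
  return perField;
}

// Inspect a raw POST body (JSON with a "query" member, the shape of the PoC
// described above) and return a verdict a middleware or a log-replay script can
// act on. Non-JSON bodies are passed through; the server rejects them anyway.
function inspectGraphQLRequest(rawBody, limits = {}) {
  const maxPerField = limits.maxPerField ?? MAX_ALIASES_PER_FIELD;
  const maxTotal = limits.maxTotal ?? MAX_TOTAL_ALIASES;
  let parsed = null;
  try { parsed = JSON.parse(rawBody); } catch (err) { /* not JSON, fall through */ }
  const query = typeof parsed?.query === 'string' ? parsed.query : '';
  const counts = countAliases(query);
  const perField = Object.fromEntries(counts);
  const totalAliases = [...counts.values()].reduce((sum, n) => sum + n, 0);
  const worst = [...counts.entries()].sort((a, b) => b[1] - a[1])[0];
  const result = { verdict: 'allow', reason: 'within alias limits', totalAliases, perField };
  if (parsed === null) {
    result.reason = 'body is not JSON';
  } else if (worst && worst[1] > maxPerField) {
    result.verdict = 'block';
    result.reason = `field "${worst[0]}" requested under ${worst[1]} aliases (limit ${maxPerField})`;
  } else if (totalAliases > maxTotal) {
    result.verdict = 'block';
    result.reason = `${totalAliases} aliases in one document (limit ${maxTotal})`;
  }
  return result;
}

// Constructed sample matching the PoC shape described above: alias0..aliasN, all __typename.
function pocShapedBody(n) {
  const selections = Array.from({ length: n + 1 }, (_, i) => `alias${i}: __typename`);
  return JSON.stringify({ query: `{ ${selections.join(' ')} }` });
}

// Constructed benign sample: two aliases of one field, plus the colon-bearing
// constructs (variables, arguments, a string, a comment) that must not be counted.
const BENIGN_BODY = JSON.stringify({
  query: `query Docs($id: ID!) {
    first: document(id: $id, tag: "note: keep") { id }
    second: document(id: "2") { id }   # comment: not an alias
  }`,
});

console.log(inspectGraphQLRequest(BENIGN_BODY).reason);
console.log(inspectGraphQLRequest(pocShapedBody(100)).reason);
```

The check runs on the raw document text rather than a parsed AST, which keeps it cheap enough to sit on the request path, and the total-alias limit catches the variant in which an attacker spreads the aliases over many different fields to stay under the per-field threshold. Tune both limits against real client traffic before enforcing, and log the verdict with the source address so blocked attempts feed the detection described above.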