CVE-2026-1175
Unknown Unknown - Not Provided
Information Exposure via Error Message in Birkir Prime GraphQL Directive

Publication date: 2026-01-19

Last updated on: 2026-02-04

Assigner: VulDB

Description
A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-19
Last Modified
2026-02-04
Generated
2026-06-16
AI Q&A
2026-01-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1175
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
birkir prime to 0.4.0.beta.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-209 The product generates an error message that includes sensitive information about its environment, users, or associated data.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1175 is an information disclosure vulnerability in birkir prime up to version 0.4.0.beta.0, specifically in the GraphQL Directive Handler at the /graphql endpoint. It allows attackers to extract sensitive information such as instruction names, parameters, and default values defined by the server through GraphQL introspection queries or error messages. This leakage reveals internal schema details, including authentication mechanisms, rate-limiting configurations, and sensitive field markings, which can be used to plan further targeted attacks. [1, 2, 3]

Impact Analysis

This vulnerability can impact you by exposing sensitive internal information about your GraphQL server's schema and security configurations. Attackers can use this information to understand your system's authentication and rate-limiting mechanisms, enabling them to craft precise and targeted attacks. Since the vulnerability can be exploited remotely without authentication and has a publicly available proof-of-concept exploit, it increases the risk of unauthorized information disclosure and potential subsequent attacks. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by sending crafted GraphQL introspection queries or error-triggering queries to the /graphql endpoint of the birkir prime server. For example, sending a POST request with a GraphQL query attempting to access the "__schema { directive }" field can reveal error messages that expose sensitive schema details. A sample command using curl would be: curl -X POST -H "Content-Type: application/json" --data '{"query":"{ __schema { directive } }"}' http://<target-server>/graphql. Observing error messages that leak directive or schema information indicates the presence of the vulnerability. [1]

Mitigation Strategies

Currently, no official response or mitigation has been provided by the project. Immediate steps include restricting access to the /graphql endpoint to trusted users or networks, implementing network-level controls such as firewalls or API gateways to limit exposure, and monitoring for suspicious GraphQL introspection queries or error messages. Considering replacing the affected birkir prime version with an alternative or waiting for an official patch is also advised. [3]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1175. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart