CVE-2026-1175

5.3 MEDIUM

📋 TL;DR

This vulnerability in birkir prime's GraphQL Directive Handler allows remote attackers to extract sensitive information through error messages. It affects all systems running birkir prime up to version 0.4.0.beta.0 with the GraphQL component exposed. The exploit is publicly available, increasing the risk of exploitation.

💻 Affected Systems

Products:
  • birkir prime
Versions: Up to and including 0.4.0.beta.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with GraphQL component enabled and accessible. The /graphql endpoint must be exposed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could extract sensitive system information, configuration details, or internal data structures through verbose error messages, potentially enabling further attacks.

🟠 Likely Case

Information disclosure revealing internal system details, API structures, or configuration data that could aid in reconnaissance for additional attacks.

🟢 If Mitigated

Limited exposure of non-critical system information with proper error handling and access controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit involves manipulating GraphQL queries to trigger verbose error messages. Public exploit code is referenced in the issue report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Monitor the GitHub repository for updates. Consider upgrading to any future version beyond 0.4.0.beta.0 once available.

🔧 Temporary Workarounds

Disable GraphQL endpoint
Platform: all

Disable or restrict access to the /graphql endpoint if it is not required. Configure the application to disable the GraphQL component, or restrict access via firewall/access controls.

Implement error message sanitization
Platform: all

Configure the application to return generic error messages without sensitive details. Error handling should return minimal, non-informative error responses.
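An added illustration of the error message sanitization workaround (not code from prime or its maintainers): a response filter that writes the full GraphQL error to the server log and returns only a fixed message plus a correlation reference. The function and constant names, the error codes and the sample response are assumptions constructed for this example.

```javascript
// Added example, not prime's code: names and error codes here are hypothetical.
// Fixed client-safe text per error class; every other error gets GENERIC_MESSAGE.
const SAFE_MESSAGES = {
  BAD_REQUEST: "The query could not be processed.",
  UNAUTHENTICATED: "Authentication required.",
};
const GENERIC_MESSAGE = "Internal server error.";

let counter = 0;
function nextReference() {
  // Correlation id (not a secret) so a client report can be matched to the log.
  counter += 1;
  return `err-${Date.now().toString(36)}-${counter}`;
}

function sanitizeGraphQLResponse(response, log = console.error) {
  if (!response || !Array.isArray(response.errors)) return response;
  const errors = response.errors.map((err) => {
    const e = err || {};
    const reference = nextReference();
    // Full detail is written to the server log only.
    log(JSON.stringify({ reference, message: e.message, path: e.path,
      extensions: e.extensions, stack: e.stack }));
    const code = e.extensions && e.extensions.code;
    const known = Object.prototype.hasOwnProperty.call(SAFE_MESSAGES, code);
    // The client sees a fixed message, a coarse code and the reference.
    return {
      message: known ? SAFE_MESSAGES[code] : GENERIC_MESSAGE,
      extensions: { code: known ? code : "INTERNAL_ERROR", reference },
    };
  });
  return { ...response, errors };
}

// Constructed sample of a verbose error response (paths and text are made up).
const SAMPLE_VERBOSE_RESPONSE = {
  data: null,
  errors: [
    { message: "ENOENT: no such file '/srv/app/config/secrets.json'",
      path: ["settings"],
      extensions: { code: "INTERNAL_SERVER_ERROR",
        exception: { stacktrace: ["at load (/srv/app/lib/config.js:12:5)"] } } },
    { message: "Unknown argument \"x\" on directive \"@example\".",
      extensions: { code: "BAD_REQUEST" } },
  ],
};

console.log(JSON.stringify(sanitizeGraphQLResponse(SAMPLE_VERBOSE_RESPONSE), null, 2));
```

Apply the filter at the point where the /graphql handler serializes its result, so no error object bypasses it.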

🧯 If You Can't Patch

  • Implement network segmentation and restrict access to GraphQL endpoints to trusted sources only
  • Deploy a Web Application Firewall (WAF) with rules to detect and block GraphQL information disclosure attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the system is running birkir prime version 0.4.0.beta.0 or earlier with GraphQL enabled. Test by sending malformed GraphQL queries to the /graphql endpoint and checking for verbose error responses.

Check Version:

Check package.json or application configuration for birkir prime version

Verify Fix Applied:

Verify that error messages no longer contain sensitive system information when sending malformed GraphQL queries.

📡 Detection & Monitoring

Log Indicators:

  • Unusual GraphQL query patterns
  • Multiple error responses from /graphql endpoint
  • Requests with malformed GraphQL syntax

Network Indicators:

  • Unusual traffic to /graphql endpoint
  • Repeated GraphQL error responses

SIEM Query:

source="web_server" AND (uri_path="/graphql" AND status_code>=400) | stats count by src_ip
