Description
A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-01-19
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch ASAP
AI Analysis

Impact

A vulnerability was identified in birkir prime versions up to 0.4.0.beta.0 in which manipulating the processing of the /graphql endpoint in the GraphQL API component results in disclosure of sensitive information. The flaw can be triggered remotely, and exploit code has been published. This leads to unintended exposure of internal data structures and potentially private user data, compromising confidentiality.

Affected Systems

The affected product is birkir:prime, specifically the GraphQL API of the Prime application. Versions up to 0.4.0.beta.0 are vulnerable. No other products or versions were listed as affected.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. The EPSS score is below 1%, meaning the likelihood of exploitation is low but not zero. The vulnerability is not listed in the CISA KEV catalog. Attackers can trigger the flaw remotely by sending crafted requests to the /graphql endpoint, and because the exploit is public, systems running an unpatched version are at risk.

Generated by OpenCVE AI on April 18, 2026 at 05:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade birkir prime to a version where the GraphQL API issue is fixed, if available.
  • Restrict access to the /graphql endpoint using firewall rules or network segmentation to limit exposure to trusted users.
  • If the GraphQL API is not required for your deployment, disable or remove the endpoint entirely.


Advisories

No advisories yet.

History

Mon, 23 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
References

Wed, 04 Feb 2026 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:birkir:prime:*:*:*:*:*:*:*:*

Tue, 20 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 20 Jan 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Birkir
Birkir prime
Vendors & Products Birkir
Birkir prime

Mon, 19 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title birkir prime GraphQL API graphql information disclosure
Weaknesses CWE-200
CWE-284
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:48:06.590Z

Reserved: 2026-01-19T07:15:30.901Z

Link: CVE-2026-1170

Vulnrichment

Updated: 2026-01-20T21:39:53.046Z

NVD

Status: Modified

Published: 2026-01-19T18:16:04.773

Modified: 2026-02-23T09:16:48.947

Link: CVE-2026-1170

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T05:15:15Z

Weaknesses