CVE-2026-1170 is a medium-severity information disclosure vulnerability identified in the birkir prime software, specifically affecting versions up to 0.4.0.beta.0. The vulnerability resides in the processing of the /graphql endpoint of the GraphQL API component. By crafting and sending manipulated requests to this endpoint, an attacker can remotely trigger unintended information disclosure, potentially exposing sensitive data handled by the API. The vulnerability does not require any authentication or user interaction, making it accessible to unauthenticated remote attackers. The CVSS 4.0 vector indicates the attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to confidentiality (VC:L) without affecting integrity or availability. The vulnerability was responsibly disclosed early to the birkir project, but no patch or official response has been provided yet. The exploit code is publicly available, increasing the risk of exploitation, although no active exploitation has been reported. The lack of a patch and the public availability of an exploit make this a notable risk for organizations using birkir prime, especially those exposing the GraphQL API endpoint to untrusted networks. Given the nature of GraphQL APIs, attackers could leverage this vulnerability to extract sensitive information such as user data, configuration details, or other backend information that should remain confidential. The vulnerability highlights the importance of secure API design and input validation in GraphQL implementations.

The primary impact of CVE-2026-1170 is unauthorized disclosure of sensitive information via the GraphQL API endpoint. This can lead to leakage of confidential data, which may include user information, internal configuration, or other sensitive backend data. Such information disclosure can facilitate further attacks, including targeted phishing, credential theft, or exploitation of other vulnerabilities. Since the vulnerability requires no authentication and can be exploited remotely, any exposed birkir prime GraphQL API endpoint is at risk. Organizations relying on birkir prime for critical applications or handling sensitive data face increased risk of data breaches and compliance violations. The absence of a patch increases the window of exposure, and the public exploit availability raises the likelihood of opportunistic attacks. While the vulnerability does not affect system integrity or availability directly, the confidentiality breach alone can have severe reputational and operational consequences. This threat is particularly impactful for organizations with publicly accessible GraphQL APIs or those lacking network segmentation and strict access controls.

1. Immediately restrict access to the /graphql endpoint by implementing network-level controls such as IP whitelisting, VPN access, or firewall rules to limit exposure to trusted users only. 2. Deploy Web Application Firewalls (WAFs) with custom rules to detect and block suspicious or malformed GraphQL queries that could trigger the vulnerability. 3. Monitor API traffic closely for unusual patterns or spikes in requests to the /graphql endpoint, which may indicate exploitation attempts. 4. If possible, disable or limit the GraphQL API functionality temporarily until a patch or official fix is released by the birkir project. 5. Conduct a thorough audit of exposed data via the GraphQL API to understand what information could be leaked and apply data minimization principles. 6. Engage with the birkir project or community to obtain updates or unofficial patches and contribute to remediation efforts. 7. Implement strict input validation and query depth limiting on GraphQL queries to reduce the attack surface. 8. Prepare incident response plans to quickly address any detected exploitation attempts. These steps go beyond generic advice by focusing on immediate containment, traffic monitoring, and proactive API security hardening tailored to the GraphQL context.