CVE-2026-1170: Information Disclosure in birkir prime
A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
CVE-2026-1170 is a medium-severity information disclosure vulnerability identified in birkir prime, an open-source or commercial software product, affecting versions up to 0.4.0.beta.0. The vulnerability resides in the processing logic of the /graphql endpoint of the GraphQL API component. An attacker can remotely send crafted requests to this endpoint without requiring authentication or user interaction, triggering unintended information disclosure. The exact nature of the leaked data is unspecified but could include sensitive internal application data or user information accessible via the API. The vulnerability is exploitable over the network with low attack complexity and no privileges required, increasing the risk profile. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) confirms that the attack is network-based, requires no authentication, and results in low-impact confidentiality loss. The vendor was informed early but has not yet released a patch or mitigation guidance. The exploit code is publicly available, which could facilitate exploitation by threat actors. Organizations using birkir prime should consider this vulnerability a significant risk to confidentiality and take immediate protective measures.
Potential Impact
For European organizations, the primary impact of CVE-2026-1170 is unauthorized disclosure of potentially sensitive data through the GraphQL API. This could lead to exposure of internal system details, user data, or business-critical information, which may facilitate further attacks such as social engineering, privilege escalation, or targeted intrusion. Industries handling sensitive personal data (e.g., finance, healthcare, government) are particularly vulnerable to reputational damage and regulatory penalties under GDPR if such data is leaked. The vulnerability's remote and unauthenticated nature increases the attack surface, especially for organizations exposing the /graphql endpoint to the internet without adequate access controls. Although no active exploitation is currently reported, the public availability of exploit code raises the risk of opportunistic attacks. The lack of vendor response and patch availability prolongs exposure, necessitating immediate compensating controls. Overall, the vulnerability threatens confidentiality and could indirectly impact integrity and availability if leveraged as part of a broader attack chain.
Mitigation Recommendations
1. Immediately restrict external access to the /graphql endpoint by implementing network-level controls such as firewalls, VPNs, or IP whitelisting to limit exposure to trusted users only.
2. Deploy Web Application Firewalls (WAFs) with custom rules to detect and block suspicious or malformed GraphQL queries that could trigger the vulnerability.
3. Conduct thorough logging and monitoring of GraphQL API requests to identify anomalous patterns indicative of exploitation attempts.
4. If possible, disable or limit the use of the vulnerable GraphQL API until a vendor patch is available.
5. Review and minimize the data exposed via the GraphQL API schema to reduce the impact of any potential disclosure.
6. Engage with the vendor or community to track patch releases or security advisories and apply updates promptly once available.
7. Perform internal security assessments and penetration tests focusing on the GraphQL API to identify and remediate related weaknesses.
8. Educate development and operations teams about secure GraphQL API practices and the risks associated with exposing sensitive data.

These steps go beyond generic advice by focusing on immediate access restrictions, active monitoring, and schema hardening tailored to this specific vulnerability.
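An added example, not part of the original advisory or the birkir prime project: one way to check recommendations 1 and 3 together is to audit web-server access logs for `/graphql` requests that were served to clients outside the trusted networks. The combined log format, the trusted CIDR ranges and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: networks allowed to reach /graphql (constructed example ranges).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]

# Combined log format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def untrusted_graphql_hits(lines):
    """Count /graphql requests per client IP that came from outside TRUSTED_NETS and were served."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Normalise the path: drop the query string and any trailing slash.
        path = m.group("path").split("?", 1)[0].rstrip("/")
        if path != "/graphql":
            continue
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # client field is a hostname, not an IP; skipped here
        trusted = any(addr in net for net in TRUSTED_NETS)
        # A status below 400 means the request was not rejected by an access control.
        if not trusted and int(m.group("status")) < 400:
            hits[m.group("ip")] += 1
    return dict(hits)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '10.1.2.3 - - [19/Jan/2026:18:00:01 +0000] "POST /graphql HTTP/1.1" 200 512',
    '203.0.113.7 - - [19/Jan/2026:18:00:02 +0000] "POST /graphql HTTP/1.1" 200 4096',
    '203.0.113.7 - - [19/Jan/2026:18:00:03 +0000] "GET /graphql?query=%7B__typename%7D HTTP/1.1" 200 64',
    '198.51.100.9 - - [19/Jan/2026:18:00:04 +0000] "POST /graphql HTTP/1.1" 403 0',
    '198.51.100.20 - - [19/Jan/2026:18:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, n in untrusted_graphql_hits(SAMPLE_LOG).items():
        print(f"{ip}: {n} served /graphql request(s) from outside trusted networks")
```

Any address this reports means the network restriction is not in effect for that path, regardless of what the request contained.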
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-19T07:15:30.901Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 696e73e1d302b072d9cff09f
Added to database: 1/19/2026, 6:11:45 PM
Last enriched: 1/26/2026, 7:47:42 PM
Last updated: 2/5/2026, 2:05:58 PM