CVE-2026-1170: Information Disclosure in birkir prime
A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
CVE-2026-1170 is a medium-severity information disclosure vulnerability identified in birkir prime, an application framework or platform, affecting versions up to 0.4.0.beta.0. The vulnerability resides in the processing of the /graphql endpoint within the GraphQL API component. An attacker can remotely manipulate requests sent to this endpoint to cause unintended information disclosure. The vulnerability does not require any authentication, user interaction, or privileges, making it remotely exploitable over the network with low attack complexity. The disclosed information could potentially include sensitive internal data, configuration details, or other information that could aid further attacks. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) indicates a network attack vector, low complexity, no privileges or user interaction needed, a low impact on confidentiality only, and proof-of-concept exploit maturity. The vendor birkir has been notified but has not yet responded or released a patch. No known exploits in the wild have been reported, but the exploit code is publicly available, increasing the risk of exploitation. Organizations using birkir prime, especially those exposing GraphQL APIs publicly, should consider this vulnerability a significant risk for data leakage.
Potential Impact
For European organizations, the primary impact of CVE-2026-1170 is the potential unauthorized disclosure of sensitive information through the vulnerable GraphQL API endpoint. This could lead to exposure of internal system details, user data, or configuration information, which attackers might leverage to conduct further attacks such as privilege escalation, data theft, or service disruption. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and government, face increased compliance risks and reputational damage if sensitive data is leaked. The vulnerability's remote exploitability without authentication increases the attack surface, especially for publicly accessible APIs. Additionally, the lack of a vendor patch means organizations must rely on interim mitigations, increasing operational overhead. The medium severity rating suggests a moderate but non-critical risk, but the availability of public exploit code elevates the urgency for mitigation. Overall, this vulnerability could undermine confidentiality and trust in affected services across European enterprises.
Mitigation Recommendations
1. Immediately restrict access to the /graphql endpoint by implementing network-level controls such as IP whitelisting, VPN-only access, or firewall rules to limit exposure to trusted users and systems.
2. Employ strict input validation and query complexity limiting on the GraphQL API to prevent malicious or malformed queries that could trigger information disclosure.
3. Monitor API logs and network traffic for unusual or suspicious GraphQL queries indicative of exploitation attempts.
4. If possible, disable or temporarily remove the vulnerable GraphQL API component until a vendor patch is available.
5. Engage with the birkir project or community to track patch releases and apply updates promptly once available.
6. Conduct internal security assessments and penetration tests focusing on GraphQL endpoints to identify any additional weaknesses.
7. Educate development and operations teams about the risks associated with exposing GraphQL APIs and best practices for secure API design.
8. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block exploitation attempts targeting this vulnerability.
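Recommendations 2 and 8 can be combined as a filter placed in front of the /graphql endpoint that rejects malformed, over-deep, or over-wide queries before they reach the server. The following is an added example, not code from birkir prime or from this advisory; the thresholds, the sample field names, and the rejection of batched requests are assumptions, and it does not target the specific flaw, whose details the advisory does not give.

```javascript
// Added example: pre-filter for POST /graphql bodies. Thresholds are assumed values.
const LIMITS = { maxBytes: 4096, maxDepth: 6, maxFields: 60 };
const TOKEN = /#[^\n\r]*|"""(?:\\"""|[\s\S])*?"""|"(?:\\.|[^"\\\n])*"|\.\.\.|[A-Za-z_]\w*|\s+|,|[^]/g;
const NAME = /^[A-Za-z_]\w*$/;

// Lexical selection-set depth and field count of a GraphQL document.
// Fragment spreads are not expanded, so depth reached through fragments is undercounted.
function measureQuery(query) {
  // Drop whitespace, commas, comments and string literals before counting.
  const toks = (query.match(TOKEN) || []).filter((t) => !/^[\s,#"]/.test(t));
  let braces = 0, parens = 0, depth = 0, fields = 0;
  for (let i = 0; i < toks.length; i++) {
    const t = toks[i], prev = toks[i - 1], next = toks[i + 1];
    if (t === "(") parens++;
    else if (t === ")") parens--;
    else if (parens > 0) continue; // arguments, including {input: objects}
    else if (t === "{") depth = Math.max(depth, ++braces);
    else if (t === "}") { if (--braces < 0) return { malformed: true }; }
    else if (braces > 0 && NAME.test(t)) {
      const spread = prev === "..." || (prev === "on" && toks[i - 2] === "...");
      // Aliases, directive names and fragment/type names are not fields.
      if (prev !== "@" && !spread && next !== ":") fields++;
    }
  }
  if (braces !== 0 || parens !== 0) return { malformed: true };
  return { malformed: false, depth, fields };
}

// Decide whether a raw request body may be forwarded to the GraphQL server.
function checkGraphqlRequest(rawBody, limits = LIMITS) {
  const deny = (reason) => ({ allowed: false, reason });
  if (rawBody.length > limits.maxBytes) return deny("body too large");
  let payload;
  try { payload = JSON.parse(rawBody); } catch (e) { return deny("invalid JSON"); }
  if (Array.isArray(payload)) return deny("batched operations");
  if (!payload || typeof payload.query !== "string") return deny("missing query");
  const m = measureQuery(payload.query);
  if (m.malformed) return deny("malformed query");
  if (m.depth > limits.maxDepth) return deny(`depth ${m.depth} > ${limits.maxDepth}`);
  if (m.fields > limits.maxFields) return deny(`fields ${m.fields} > ${limits.maxFields}`);
  return { allowed: true, reason: "ok", depth: m.depth, fields: m.fields };
}

// Constructed sample bodies, not taken from any real traffic.
const samples = [
  JSON.stringify({ query: "{ entries { id title } }" }),
  JSON.stringify({ query: "{ a { b { c { d { e { f { g { h } } } } } } } }" }),
];
for (const s of samples) console.log(checkGraphqlRequest(s));
```

Logging each denied request together with its reason also gives recommendation 3 a concrete signal to alert on.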
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-19T07:15:30.901Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 696e73e1d302b072d9cff09f
Added to database: 1/19/2026, 6:11:45 PM
Last enriched: 1/19/2026, 6:26:55 PM
Last updated: 1/19/2026, 8:20:08 PM