CVE-2026-1171
Published: 19 January 2026
Summary
CVE-2026-1171 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Birkir Prime. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.
Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.
Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.
Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables remote exploitation of a public-facing GraphQL endpoint (T1190) to trigger application-level DoS via resource exhaustion (T1499.004).
NVD Description
A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched…
more
remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-1171 is a denial-of-service vulnerability in birkir prime versions up to 0.4.0.beta.0. The flaw affects an unknown function within the /graphql file of the GraphQL Field Handler component. Manipulation of this function can trigger a denial of service, as classified under CWE-404 (Improper Resource Shutdown or Denial of Service). The vulnerability carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating medium severity with low impact on availability but no effects on confidentiality or integrity.
The vulnerability can be exploited remotely by unauthenticated attackers with network access and no user interaction required. Successful exploitation leads to a denial-of-service condition, potentially disrupting service availability for affected instances of birkir prime.
Advisories from VulDB and the project's GitHub repository detail the issue, with an early report filed in birkir/prime issue #542. However, the project maintainers have not yet responded or issued patches, leaving affected versions unmitigated. No official vendor guidance on workarounds is available at this time.
An exploit for this vulnerability has been publicly disclosed and is available for use, increasing the risk of active exploitation against unpatched deployments.
Details
- CWE(s)