CVE-2026-1171
Published: 19 January 2026
Summary
CVE-2026-1171 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Birkir Prime. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-1171 is a denial-of-service vulnerability in birkir prime versions up to 0.4.0.beta.0. The flaw affects an unknown function within the /graphql file of the GraphQL Field Handler component. Manipulation of this function can trigger a denial of service, as classified under CWE-404 (Improper Resource Shutdown or Denial of Service). The vulnerability carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating medium severity with low impact on availability but no effects on confidentiality or integrity.
The vulnerability can be exploited remotely by unauthenticated attackers with network access and no user interaction required. Successful exploitation leads to a denial-of-service condition, potentially disrupting service availability for affected instances of birkir prime.
Advisories from VulDB and the project's GitHub repository detail the issue, with an early report filed in birkir/prime issue #542. However, the project maintainers have not yet responded or issued patches, leaving affected versions unmitigated. No official vendor guidance on workarounds is available at this time.
An exploit for this vulnerability has been publicly disclosed and is available for use, increasing the risk of active exploitation against unpatched deployments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3198
Vulnerability details
A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched…
more
remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables remote exploitation of a public-facing GraphQL endpoint (T1190) to trigger application-level DoS via resource exhaustion (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly implements protections against resource-exhaustion attacks targeting the unauthenticated /graphql endpoint described in CVE-2026-1171.
Enforces access-control policy on the GraphQL Field Handler so that unauthenticated remote manipulation is blocked before it can trigger the DoS condition.
Requires validation of GraphQL field inputs, directly addressing the manipulation vector that leads to improper resource shutdown in the vulnerable handler.