CVE-2026-1173
Published: 19 January 2026
Summary
CVE-2026-1173 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Birkir Prime. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 33.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly implements denial-of-service protections such as rate limiting and traffic filtering to block remote exploitation of the GraphQL batch query handler vulnerability.
Protects system resources from exhaustion due to improper resource shutdown or release in the vulnerable GraphQL Array Based Query Batch Handler.
Ensures timely remediation of the known flaw in birkir prime versions up to 0.4.0.beta.0, including patching or workarounds despite lack of vendor response.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remotely exploitable denial-of-service condition in a public-facing GraphQL application component (CWE-404), directly enabling application exhaustion or crash via exploitation.
NVD Description
A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulation results in denial of service. The attack can…
more
be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-1173 is a denial-of-service vulnerability affecting birkir prime versions up to 0.4.0.beta.0. The issue resides in an unknown function within the /graphql file of the GraphQL Array Based Query Batch Handler component. Classified under CWE-404 (Improper Resource Shutdown or Release), it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating medium severity with low-impact availability disruption but no confidentiality or integrity effects.
The vulnerability can be exploited remotely by unauthenticated attackers with network access and no user interaction required. Successful manipulation triggers a denial of service, potentially disrupting service availability for affected instances.
Advisories from VulDB (ctiid.341767, id.341767) and the project's GitHub issue #544 document the flaw, noting that an exploit has been made public and could be used. The project was informed early via the issue report but has not responded or issued patches as of the CVE publication on 2026-01-19.
Notable context includes the public availability of the exploit and lack of vendor response, increasing risk for deployments using vulnerable versions of birkir prime.
Details
- CWE(s)