Cyber Resilience

CVE-2026-1173

MediumPublic PoC

Published: 19 January 2026

Published
19 January 2026
Modified
23 February 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0068 47.5th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-1173 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Birkir Prime. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 47.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2026-1173 is a denial-of-service vulnerability affecting birkir prime versions up to 0.4.0.beta.0. The issue resides in an unknown function within the /graphql file of the GraphQL Array Based Query Batch Handler component. Classified under CWE-404 (Improper Resource Shutdown or Release), it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating medium severity with low-impact availability disruption but no confidentiality or integrity effects.

The vulnerability can be exploited remotely by unauthenticated attackers with network access and no user interaction required. Successful manipulation triggers a denial of service, potentially disrupting service availability for affected instances.

Advisories from VulDB (ctiid.341767, id.341767) and the project's GitHub issue #544 document the flaw, noting that an exploit has been made public and could be used. The project was informed early via the issue report but has not responded or issued patches as of the CVE publication on 2026-01-19.

Notable context includes the public availability of the exploit and lack of vendor response, increasing risk for deployments using vulnerable versions of birkir prime.

EU & UK References

Vulnerability details

A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulation results in denial of service. The attack can…

more

be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability is a remotely exploitable denial-of-service condition in a public-facing GraphQL application component (CWE-404), directly enabling application exhaustion or crash via exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-1172Same product: Birkir Prime
CVE-2026-1174Same product: Birkir Prime
CVE-2026-1171Same product: Birkir Prime
CVE-2026-1169Same product: Birkir Prime
CVE-2026-1175Same product: Birkir Prime
CVE-2025-15529Shared CWE-404
CVE-2026-1587Shared CWE-404
CVE-2026-1586Shared CWE-404
CVE-2026-4240Shared CWE-404
CVE-2025-1893Shared CWE-404

Affected Assets

birkir
prime
≤ 0.4.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements denial-of-service protections such as rate limiting and traffic filtering to block remote exploitation of the GraphQL batch query handler vulnerability.

prevent

Protects system resources from exhaustion due to improper resource shutdown or release in the vulnerable GraphQL Array Based Query Batch Handler.

prevent

Ensures timely remediation of the known flaw in birkir prime versions up to 0.4.0.beta.0, including patching or workarounds despite lack of vendor response.

References