Cyber Resilience

CVE-2026-1175

Medium · Public PoC

Published: 19 January 2026

Modified: 04 February 2026
KEV Added:
Patch:
CVSS Score (v4): 5.5
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0006 (20.1th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-1175 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Birkir Prime. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Information Discovery (T1082). The CVE ranks at the 20.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and AC-4 (Information Flow Enforcement).

Deeper analysis

CVE-2026-1175 is a vulnerability in the birkir prime project, affecting versions up to 0.4.0.beta.0. It impacts an unknown function within the /graphql file of the GraphQL Directive Handler component, where manipulation results in information exposure through error messages. The issue aligns with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-209 (Generation of Error Message Containing Sensitive Information), carrying a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

A remote attacker can exploit this vulnerability over the network with low complexity, without privileges or user interaction. Successful exploitation enables partial disclosure of confidential information via error messages, potentially revealing sensitive details about the application's internals or configuration.

Advisories reference the project's GitHub repository at https://github.com/birkir/prime/ and issue #546 at https://github.com/birkir/prime/issues/546, where the problem was reported early. VulDB entries (https://vuldb.com/?ctiid.341769, https://vuldb.com/?id.341769, https://vuldb.com/?submit.731106) note no response from the project maintainers and no patches or mitigations disclosed to date.

The vulnerability was published on 2026-01-19. The exploit is publicly available and might be used in attacks.

Vulnerability details

A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1082 System Information Discovery (Tactic: Discovery)
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability is a remote information disclosure in a public-facing GraphQL endpoint; it directly enables T1190 exploitation and T1082 system/configuration discovery via error messages.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-1169: Same product (Birkir Prime)
CVE-2026-1171: Same product (Birkir Prime)
CVE-2026-1172: Same product (Birkir Prime)
CVE-2026-1174: Same product (Birkir Prime)
CVE-2026-1173: Same product (Birkir Prime)
CVE-2026-1194: Shared CWE-200
CVE-2026-42552: Shared CWE-209
CVE-2026-4020: Shared CWE-200
CVE-2024-26477: Shared CWE-200
CVE-2024-13796: Shared CWE-200

Affected Assets

Vendor: birkir
Product: prime
Versions: ≤ 0.4.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly requires error messages to be sanitized so they do not contain sensitive application or configuration details, exactly mitigating the CWE-209 exposure in the GraphQL endpoint.

Prevent: Enforces information-flow rules that can block unauthorized disclosure of internal data through error responses returned by the /graphql handler.

Detect: Provides explicit monitoring for information-disclosure events, enabling detection of successful exploitation that leaks data via crafted GraphQL error messages.
