CVE-2026-1175
Published: 19 January 2026
Summary
CVE-2026-1175 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Birkir Prime. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique System Information Discovery (T1082); ranked at the 20.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and AC-4 (Information Flow Enforcement).
Deeper analysis
CVE-2026-1175 is a vulnerability in the birkir prime project, affecting versions up to 0.4.0.beta.0. It impacts an unknown function within the /graphql file of the GraphQL Directive Handler component, where manipulation results in information exposure through error messages. The issue aligns with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-209 (Generation of Error Message Containing Sensitive Information), carrying a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
A remote attacker with no privileges or user interaction required can exploit this vulnerability over the network with low complexity. Successful exploitation enables partial disclosure of confidential information via error messages, potentially revealing sensitive details about the application's internals or configuration.
Advisories reference the project's GitHub repository at https://github.com/birkir/prime/ and issue #546 at https://github.com/birkir/prime/issues/546, where the problem was reported early. VulDB entries (https://vuldb.com/?ctiid.341769, https://vuldb.com/?id.341769, https://vuldb.com/?submit.731106) note no response from the project maintainers and no patches or mitigations disclosed to date.
The exploit is publicly available and might be used in attacks, as the vulnerability was published on 2026-01-19.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3194
Vulnerability details
A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from…
more
remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability is a remote info disclosure in a public-facing GraphQL endpoint; directly enables T1190 exploitation and T1082 system/configuration discovery via error messages.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires error messages to be sanitized so they do not contain sensitive application or configuration details, exactly mitigating the CWE-209 exposure in the GraphQL endpoint.
Enforces information-flow rules that can block unauthorized disclosure of internal data through error responses returned by the /graphql handler.
Provides explicit monitoring for information-disclosure events, enabling detection of successful exploitation that leaks data via crafted GraphQL error messages.