CVE-2026-1173

MediumPublic PoC

Published: 19 January 2026

Published

19 January 2026

Modified

23 February 2026

KEV Added

—

Patch

—

CVSS Score 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score 0.0014 33.0th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulation results in denial of service. The attack can…

be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Mitigating Controls (NIST 800-53 r5)AI

SC-5 Denial-of-service Protection good match

prevent

Directly implements denial-of-service protections such as rate limiting and traffic filtering to block remote exploitation of the GraphQL batch query handler vulnerability.

SC-6 Resource Availability good match

prevent

Protects system resources from exhaustion due to improper resource shutdown or release in the vulnerable GraphQL Array Based Query Batch Handler.

SI-2 Flaw Remediation good match

prevent

Ensures timely remediation of the known flaw in birkir prime versions up to 0.4.0.beta.0, including patching or workarounds despite lack of vendor response.

Security SummaryAI

CVE-2026-1173 is a denial-of-service vulnerability affecting birkir prime versions up to 0.4.0.beta.0. The issue resides in an unknown function within the /graphql file of the GraphQL Array Based Query Batch Handler component. Classified under CWE-404 (Improper Resource Shutdown or Release), it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating medium severity with low-impact availability disruption but no confidentiality or integrity effects.

The vulnerability can be exploited remotely by unauthenticated attackers with network access and no user interaction required. Successful manipulation triggers a denial of service, potentially disrupting service availability for affected instances.

Advisories from VulDB (ctiid.341767, id.341767) and the project's GitHub issue #544 document the flaw, noting that an exploit has been made public and could be used. The project was informed early via the issue report but has not responded or issued patches as of the CVE publication on 2026-01-19.

Notable context includes the public availability of the exploit and lack of vendor response, increasing risk for deployments using vulnerable versions of birkir prime.

Details

CWE(s): CWE-404

Affected Products

birkir

prime

≤ 0.4.0

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

The vulnerability is a remotely exploitable denial-of-service condition in a public-facing GraphQL application component (CWE-404), directly enabling application exhaustion or crash via exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/birkir/prime/
cna@vuldb.com
https://github.com/birkir/prime/issues/544
Exploit, Issue Tracking, Vendor Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.341767
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.341767
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.731104
Third Party Advisory, VDB Entry · cna@vuldb.com