Primary

Context

Birkir Prime Cross-Site Request Forgery Vulnerability in GraphQL Endpoint

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Birkir Prime versions through 0.4.0.beta.0. This vulnerability exists in the application's GraphQL endpoint, allowing attackers to exploit GET-based query requests. By manipulating GraphQL query parameters, attackers can craft malicious GET requests that trigger unauthorized actions against privileged users.

Impact

Exploitation of this vulnerability allows for cross-site request forgery attacks, where an attacker can perform actions on behalf of a privileged user without their consent.

Reproduction

To reproduce this vulnerability, send a GET request to the application's GraphQL endpoint with a crafted query that exploits the CSRF vulnerability. Include the appropriate headers to mimic a legitimate request.

Added: Jan 29, 2026, 8:32 PM

Updated: Jan 29, 2026, 8:32 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.1

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.1

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Birkir Prime Cross-Site Request Forgery Vulnerability in GraphQL Endpoint

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating