Birkir Prime Information Disclosure Vulnerability in GraphQL API

Vulnerability

A vulnerability allowing information disclosure has been identified in Birkir Prime versions through 0.4.0.beta.0. This issue arises from the GraphQL API's handling of introspection queries, which can be exploited remotely to reveal the API's capabilities. The vulnerability has been publicly disclosed and is actively exploitable.

Impact

Exploitation of this vulnerability allows unauthorized access to sensitive information about the GraphQL API, including its structure and available operations.

Reproduction

The vulnerability can be reproduced by sending an introspection query to the GraphQL endpoint. This can be done using a tool like curl, with a POST request that includes the introspection query in the request body.

Added: Jan 19, 2026, 6:30 PM
Updated: Jan 19, 2026, 6:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 2.2
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.