Directus GraphQL Introspection Bypass Vulnerability Allowing Schema Exposure

Vulnerability

Directus versions prior to 11.16.1 allow the GraphQL introspection control to be bypassed: the 'server_specs_graphql' resolver on the '/graphql/system' endpoint returns schema details regardless of the introspection setting. When 'GRAPHQL_INTROSPECTION=false' is set, Directus blocks standard introspection queries (those using '__schema' and '__type'), but the '/graphql/system' resolver was not subject to the same restriction. Unauthenticated users therefore receive whatever the public permission level exposes, and authenticated users receive the schema for the collections they are permitted to read: collection names, field names, field types, and relationships.
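
The following check is added here as an illustration and is not part of the advisory or of Directus' own tooling. It sends the standard introspection query to '/graphql' and the 'server_specs_graphql' query to '/graphql/system', then classifies the pair of responses: introspection refused but an SDL document returned means the control is being bypassed. The 'scope: items' argument is an assumption about the resolver's signature, the embedded sample responses are constructed rather than captured, and the error messages in them are illustrative only. Run it only against an instance you own.

```python
import json
import sys
import urllib.error
import urllib.request

# Standard introspection probe; blocked when GRAPHQL_INTROSPECTION=false.
INTROSPECTION_QUERY = "{ __schema { types { name } } }"

# Probe for the resolver named in the advisory. The 'scope: items' argument
# is an assumption about the resolver's signature, not taken from the page.
SYSTEM_SDL_QUERY = "{ server_specs_graphql(scope: items) }"


def post_graphql(url, query, token=None, timeout=10):
    """POST a GraphQL query; return the parsed JSON body, or {} if not JSON."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    body = json.dumps({"query": query}).encode()
    req = urllib.request.Request(url, data=body, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.loads(resp.read().decode())
    except urllib.error.HTTPError as err:
        # Directus answers rejected queries with a JSON error body; keep it.
        try:
            return json.loads(err.read().decode())
        except ValueError:
            return {}


def introspection_blocked(body):
    """True when the regular endpoint did not return a __schema object."""
    data = body.get("data") or {}
    return not isinstance(data.get("__schema"), dict)


def sdl_exposed(body):
    """True when server_specs_graphql returned a schema document (SDL text)."""
    data = body.get("data") or {}
    sdl = data.get("server_specs_graphql")
    return isinstance(sdl, str) and "type " in sdl


def assess(introspection_body, system_body):
    """Classify the two responses.

    'exposed'               introspection refused on /graphql, yet /graphql/system
                            still hands out the SDL: the bypass described above
    'blocked'               both refused: patched, or nothing visible at this level
    'introspection-enabled' /graphql answered the introspection query itself, so
                            the SDL resolver discloses nothing extra
    """
    if not introspection_blocked(introspection_body):
        return "introspection-enabled"
    return "exposed" if sdl_exposed(system_body) else "blocked"


# Constructed sample responses (not captured from a real instance) showing the
# shapes the classifier expects. Error text is illustrative only.
SAMPLE_BLOCKED = {"errors": [{"message": "introspection disabled"}], "data": None}
SAMPLE_NO_SDL = {"errors": [{"message": "forbidden"}], "data": None}
SAMPLE_OPEN = {"data": {"__schema": {"types": [{"name": "Query"}]}}}
SAMPLE_SDL = {"data": {"server_specs_graphql": (
    "type Query {\n  articles: [articles]\n}\n\n"
    "type articles {\n  id: ID!\n  title: String\n  author: directus_users\n}\n"
)}}


def check_instance(base_url, token=None):
    """Probe a live instance and return one of the assess() verdicts."""
    intro = post_graphql(f"{base_url}/graphql", INTROSPECTION_QUERY, token)
    system = post_graphql(f"{base_url}/graphql/system", SYSTEM_SDL_QUERY, token)
    return assess(intro, system)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: check.py https://directus.example [static-token]")
        sys.exit(2)
    token = sys.argv[2] if len(sys.argv) > 2 else None
    print(check_instance(sys.argv[1].rstrip("/"), token))
```

Run it once without a token to see what the public permission level leaks, and once with a low-privilege static token, since the advisory notes that authenticated users receive the schema at their own permission level.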

Impact

Users who are supposed to be unable to introspect the schema can still enumerate the data model: collection names, field names and types, and the relations between collections. No record data is disclosed by the resolver itself, but an attacker gains an accurate map of the database structure for planning further queries or attacks, which is precisely what disabling introspection is meant to withhold.

Remediation

Upgrade to Directus 11.16.1 or later. Setting 'GRAPHQL_INTROSPECTION=false' on its own does not close the gap on earlier versions, because the affected resolver lives on the '/graphql/system' endpoint rather than on the standard introspection path that the setting guards.

Added: Apr 6, 2026, 10:26 PM
Updated: Apr 6, 2026, 10:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.8
remediation: 0.0
relevance: 5.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.