{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-1174","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-01-19T07:15:42.177Z","datePublished":"2026-01-19T20:02:05.914Z","dateUpdated":"2026-02-23T08:48:57.030Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-23T08:48:57.030Z"},"title":"birkir prime GraphQL Alias graphql resource consumption","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-400","lang":"en","description":"Resource Consumption"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-404","lang":"en","description":"Denial of Service"}]}],"affected":[{"vendor":"birkir","product":"prime","versions":[{"version":"0.4.0.beta","status":"affected"}],"modules":["GraphQL Alias Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-01-19T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-01-19T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-02-05T03:25:26.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"ZAST.AI (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.341768","name":"VDB-341768 | birkir prime GraphQL Alias graphql resource consumption","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.341768","name":"VDB-341768 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.731105","name":"Submit #731105 | birkir prime <=0.4.0 GraphQL Aliases Overloading Vulnerability","tags":["third-party-advisory"]},{"url":"https://github.com/birkir/prime/issues/545","tags":["exploit","issue-tracking"]},{"url":"https://github.com/birkir/prime/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-20T14:44:54.280746Z","id":"CVE-2026-1174","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-20T14:45:02.891Z"}}]}}