关键漏洞信息 CVE ID: CVE-2026-1174 Vulnerability: GraphQL Alias resource consumption Affected Versions: birkir prime up to 0.4.0.beta.0 Component: GraphQL Alias Handler Impact: Resource exhaustion due to improper handling of unknown function of the file Exploit Availability: Yes (Proof-of-concept) Exploit Price: $0-$5k CTI Interest Score: 4.12- (High interest from attackers and security community) CVSS Scores: - CVSS v3.1 Base Score: 5.3 - CVSS v2.0 Base Score: 5.0 Timeline: - 01/19/2026: Advisory disclosed and VulDB entry created/last update Sources: - GitHub - EUVD - SCIP Labs Additional Notes: The vulnerability is related to CWE-400 which indicates an issue with resource management. There is a proof-of-concept available and it can be exploited remotely. The vendor has been informed but has not responded yet to the issue reported.