Platform: other
Component: birkir-prime
Fixed in: 0.4.1
A cross-site request forgery (CSRF) vulnerability has been identified in birkir prime versions up to 0.4.0.beta.0. This flaw allows an attacker to trick a user into performing actions they did not intend, potentially leading to unauthorized modifications or data breaches. The affected code has not been identified, and the flaw is exploitable remotely. While a fix is pending, mitigation strategies can be implemented.
The CSRF vulnerability in birkir prime allows an attacker to craft malicious requests that appear to originate from a legitimate user. Successful exploitation could result in unauthorized changes to user settings, data manipulation, or even account takeover, depending on the functionality exposed by the application. The remote nature of the vulnerability expands the potential attack surface, as attackers don't need local access to exploit it. Given the public disclosure and availability of an exploit, the risk of exploitation is elevated.
This vulnerability was publicly disclosed on 2026-01-19. A proof-of-concept exploit is available, indicating a moderate to high probability of exploitation. The project maintainers have been notified but have not yet responded, increasing the risk to users. It is not currently listed on CISA KEV.
EPSS: 0.03% (9% percentile)
Due to the lack of a released patch, immediate mitigation focuses on reducing the attack surface and detecting malicious requests. Implement a Web Application Firewall (WAF) with CSRF protection rules to filter out suspicious requests. Consider adding nonce tokens to sensitive actions to verify request authenticity. Regularly review and audit the application's code for potential CSRF vulnerabilities. Until a patch is available, restrict access to sensitive functionality and educate users about the risks of clicking on untrusted links.
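The nonce-token mitigation described above, sketched as an added example for a Node.js backend; it is not code from birkir prime or from this advisory. The function names, the `x-csrf-token` header, the request shape and the extra Origin comparison are assumptions made for illustration.

```javascript
// Added example, not birkir prime code: session-bound CSRF nonce check.
const nodeCrypto = require('node:crypto');

// Assumption: a per-deployment secret that never leaves the server.
const SECRET = nodeCrypto.randomBytes(32);
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

function mac(sessionId, nonce) {
  return nodeCrypto.createHmac('sha256', SECRET).update(`${sessionId}.${nonce}`).digest();
}

// Issue "<nonce>.<hmac>" bound to the caller's session; embed it in forms
// or return it to same-origin script, which echoes it in a request header.
function issueToken(sessionId) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  return `${nonce}.${mac(sessionId, nonce).toString('hex')}`;
}

// True only if the token was issued for this session and is unmodified.
function verifyToken(sessionId, token) {
  if (typeof token !== 'string') return false;
  const parts = token.split('.');
  if (parts.length !== 2) return false;
  const given = Buffer.from(parts[1], 'hex');
  const expected = mac(sessionId, parts[0]);
  // Length check first: timingSafeEqual throws on unequal lengths.
  return given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected);
}

// Decide whether a request may reach a state-changing handler.
// req is a constructed shape: { method, sessionId, headers } (lowercase header names).
function checkRequest(req, allowedOrigin) {
  if (SAFE_METHODS.has(req.method)) return { allowed: true, reason: 'safe method' };
  const origin = req.headers['origin'];
  if (origin !== undefined && origin !== allowedOrigin) {
    return { allowed: false, reason: 'cross-origin' };
  }
  if (!verifyToken(req.sessionId, req.headers['x-csrf-token'])) {
    return { allowed: false, reason: 'bad or missing token' };
  }
  return { allowed: true, reason: 'token ok' };
}
```

Safe methods pass unchecked, so the check only helps when GET, HEAD and OPTIONS handlers never change state.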
Update to a patched version, if available. Otherwise, review the affected code and apply necessary mitigations to prevent CSRF attacks. Consult the provided references for more details about the vulnerability and potential solutions.
CVE-2026-1169 is a cross-site request forgery (CSRF) vulnerability affecting birkir prime versions up to 0.4.0.beta.0, allowing attackers to perform unauthorized actions.
Yes, if you are using birkir prime version 0.4.0.beta–0.4.0.beta, you are potentially affected by this vulnerability.
A patch is not yet available. Mitigate by implementing WAF rules, adding nonce tokens, and restricting access to sensitive functionality.
A public exploit exists, indicating a moderate to high probability of active exploitation.
Check the birkir prime project's official website or repository for updates and advisories, although the maintainers have not yet responded to the vulnerability report.