Skip to main content

CVE-2026-35413

MEDIUM
Information Exposure (CWE-200)
2026-04-04 https://github.com/directus/directus GHSA-wxwm-3fxv-mrvx
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch released
Apr 04, 2026 - 08:30 nvd
Patch available
Analysis Generated
Apr 04, 2026 - 06:15 vuln.today
CVE Published
Apr 04, 2026 - 06:10 nvd
MEDIUM 5.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 3 npm packages depend on directus (1 direct, 2 indirect)

Ecosystem-wide dependent count for version 11.16.1.

DescriptionGitHub Advisory

Summary

When GRAPHQL_INTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries (__schema, __type). However, the server_specs_graphql resolver on the /graphql/system endpoint returns an equivalent SDL representation of the schema and was not subject to the same restriction. This allowed the introspection control to be bypassed, exposing schema structure (collection names, field names, types, and relationships) to unauthenticated users at the public permission level, and to authenticated users at their permitted permission level.

Impact

Administrators who set GRAPHQL_INTROSPECTION=false to hide schema structure from clients would have had a false sense of security, as equivalent schema information remained accessible via the SDL endpoint without authentication.

Credit

This vulnerability was discovered and reported by bugbunny.ai.

AnalysisAI

Directus allows information disclosure of GraphQL schema structure via the /graphql/system endpoint when GRAPHQL_INTROSPECTION=false is configured, exposing collection names, field names, types, and relationships to unauthenticated users and authenticated users at their permission level. The vulnerability bypasses the introspection control mechanism by returning an equivalent SDL (Schema Definition Language) representation through the server_specs_graphql resolver, giving administrators a false sense of security while schema information remains publicly accessible.

Technical ContextAI

Directus is a Node.js-based headless CMS that exposes GraphQL APIs for content management. The vulnerability stems from CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), specifically an inconsistent security control implementation. The GRAPHQL_INTROSPECTION configuration is intended to disable the standard GraphQL introspection queries (__schema and __type), which are built into the GraphQL specification to allow clients to discover schema structure. However, the /graphql/system endpoint implements a separate server_specs_graphql resolver that returns the schema in SDL format-a functionally equivalent representation of the same schema information. Because this resolver was not subject to the same introspection restrictions, it bypassed the intended access control. The affected product is the directus npm package, which is the core headless CMS application.

RemediationAI

Update the Directus npm package to a patched version released by the Directus project. Consult the GitHub security advisory at https://github.com/directus/directus/security/advisories/GHSA-wxwm-3fxv-mrvx for the exact fix version and upgrade instructions. As a temporary workaround pending patching, administrators can restrict network access to the /graphql/system endpoint via firewall, API gateway, or reverse proxy rules to prevent unauthenticated access to the SDL resolver, though this should not be relied upon as a permanent mitigation.

Share

CVE-2026-35413 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy