CVE-2026-35413 Overview
CVE-2026-35413 is an information disclosure vulnerability in Directus, a real-time API and App dashboard for managing SQL database content. When GRAPHQL_INTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries (__schema, __type). However, the server_specs_graphql resolver on the /graphql/system endpoint returns an equivalent SDL (Schema Definition Language) representation of the schema and was not subject to the same restriction. This allowed the introspection control to be bypassed, exposing schema structure including collection names, field names, types, and relationships to unauthenticated users at the public permission level, and to authenticated users at their permitted permission level.
Critical Impact
Attackers can bypass GraphQL introspection controls to enumerate the complete database schema structure, potentially revealing sensitive information about the application's data model and relationships.
Affected Products
- Directus versions prior to 11.16.1
Discovery Timeline
- 2026-04-06 - CVE-2026-35413 published to NVD
- 2026-04-07 - Last updated in NVD database
Technical Details for CVE-2026-35413
Vulnerability Analysis
This vulnerability falls under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The core issue lies in an inconsistent security control implementation within Directus's GraphQL subsystem. While administrators can disable GraphQL introspection to hide schema details from potential attackers, the server_specs_graphql resolver provides an alternative path to obtain the same information.
The /graphql/system endpoint exposes a resolver that returns the complete GraphQL schema in SDL format. This endpoint was not included in the introspection restriction logic, creating a bypass that effectively negates the security benefit of disabling introspection. The vulnerability requires network access but no authentication or user interaction to exploit at the public permission level.
Root Cause
The root cause is an incomplete implementation of the introspection restriction feature. When the GRAPHQL_INTROSPECTION=false configuration option was introduced, the standard introspection mechanisms (__schema and __type queries) were properly blocked. However, the server_specs_graphql resolver, which provides an equivalent SDL representation of the schema, was not included in this restriction. This oversight created an alternative pathway to obtain schema information that circumvents the intended security control.
Attack Vector
An attacker can exploit this vulnerability by sending a GraphQL query to the /graphql/system endpoint targeting the server_specs_graphql resolver. Even when introspection is explicitly disabled in the Directus configuration, this resolver will return the complete GraphQL schema in SDL format.
The exposed schema information includes:
- Collection names (database table structures)
- Field names and their data types
- Relationships between collections
- Query and mutation definitions
This information can be leveraged to map out the entire data model of the application, identify sensitive collections, and craft targeted attacks against specific endpoints or data structures.
Detection Methods for CVE-2026-35413
Indicators of Compromise
- Unusual query patterns targeting the /graphql/system endpoint
- Requests specifically querying the server_specs_graphql resolver
- Multiple unauthenticated requests to GraphQL endpoints from unknown sources
- Log entries showing schema enumeration activity when introspection is disabled
Detection Strategies
- Monitor GraphQL endpoint access logs for queries to server_specs_graphql
- Implement alerting for unauthenticated access to the /graphql/system endpoint
- Review application logs for patterns indicating schema reconnaissance
- Deploy web application firewall rules to detect GraphQL introspection bypass attempts
Monitoring Recommendations
- Enable detailed logging on all GraphQL endpoints including /graphql/system
- Set up alerts for any access to server_specs_graphql resolver when introspection is disabled
- Monitor for bulk or scripted requests to GraphQL system endpoints
- Review access patterns from IP addresses that query schema-related resolvers
How to Mitigate CVE-2026-35413
Immediate Actions Required
- Upgrade Directus to version 11.16.1 or later immediately
- Review access logs for any prior exploitation of this vulnerability
- Assess whether sensitive schema information may have been exposed
- Consider restricting network access to the /graphql/system endpoint until patched
Patch Information
This vulnerability is fixed in Directus version 11.16.1. The patch ensures that the server_specs_graphql resolver respects the GRAPHQL_INTROSPECTION=false configuration setting, preventing unauthorized schema disclosure through this alternative pathway. For detailed information about the security fix, refer to the GitHub Security Advisory.
Workarounds
- Upgrade to Directus 11.16.1 as the primary mitigation
- Implement network-level access controls to restrict access to /graphql/system endpoint
- Use a reverse proxy or WAF to block requests to the server_specs_graphql resolver
- Restrict API access to authenticated users only if public access is not required
# Example: Block access to server_specs_graphql via nginx
location /graphql/system {
# Deny access to the system GraphQL endpoint for unauthenticated users
# Combine with authentication requirements as needed
if ($request_body ~* "server_specs_graphql") {
return 403;
}
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
