{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35413", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-02T17:03:42.075Z", "datePublished": "2026-04-06T21:34:32.683Z", "dateUpdated": "2026-04-06T21:34:32.683Z"}, "containers": {"cna": {"title": "Directus GraphQL Schema SDL Disclosure Setting", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/directus/directus/security/advisories/GHSA-wxwm-3fxv-mrvx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/directus/directus/security/advisories/GHSA-wxwm-3fxv-mrvx"}], "affected": [{"vendor": "directus", "product": "directus", "versions": [{"version": "< 11.16.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T21:34:32.683Z"}, "descriptions": [{"lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQL_INTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries (__schema, __type). However, the server_specs_graphql resolver on the /graphql/system endpoint returns an equivalent SDL representation of the schema and was not subject to the same restriction. This allowed the introspection control to be bypassed, exposing schema structure (collection names, field names, types, and relationships) to unauthenticated users at the public permission level, and to authenticated users at their permitted permission level. This vulnerability is fixed in 11.16.1."}], "source": {"advisory": "GHSA-wxwm-3fxv-mrvx", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQL_INTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries (__schema, __type). However, the server_specs_graphql resolver on the /graphql/system endpoint returns an equivalent SDL representation of the schema and was not subject to the same restriction. This allowed the introspection control to be bypassed, exposing schema structure (collection names, field names, types, and relationships) to unauthenticated users at the public permission level, and to authenticated users at their permitted permission level. This vulnerability is fixed in 11.16.1."}], "id": "CVE-2026-35413", "lastModified": "2026-04-06T22:16:22.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-06T22:16:22.540", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/directus/directus/security/advisories/GHSA-wxwm-3fxv-mrvx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,11.16.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "directus", "source": "cna", "vendor": "directus"}, "product": "directus", "vendor": "directus"}], "analysis": {"en": {"generated_at": "2026-04-07T01:57:37.422898+00:00", "value": {"mitigation_remediation": ["Update Directus to version 11.16.1 or later to fix the schema discovery flaw.", "Verify that the GRAPHQL_INTROSPECTION configuration is enabled if a newer update is unavailable.", "Restrict network access to the /graphql/system endpoint to trusted clients or internal networks.", "Review your GraphQL permissions and consider disabling the server_specs_graphql resolver if you do not require schema visibility.", "Regularly monitor Directus security advisories for new patches."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Directus installations running any version earlier than 11.16.1 are vulnerable. The flaw is present in the server component that serves the /graphql/system endpoint and affects all deployments where the GRAPHQL_INTROSPECTION setting is disabled. Both public permissions and user\u2011specific permissions allow the schema disclosure, so any user with access to the GraphQL API is impacted.", "description_and_impact": "Directus, a real\u2011time API and app dashboard for managing SQL databases, contains a logic flaw that allows unauthorized disclosure of its GraphQL schema. When the configuration variable GRAPHQL_INTROSPECTION is set to false, the system normally blocks standard GraphQL introspection queries such as __schema and __type. Nevertheless, a separate resolver \u2013 server_specs_graphql \u2013 exposed on the /graphql/system endpoint still returns a complete SDL representation of the schema. Because this resolver is not subject to the introspection guard, unauthenticated visitors can retrieve detailed information about the collection names, field names, types, and relationships. Authenticated users can learn the same information limited only by their permission level. The exposed data does not contain actual content but reveals the internal data model, which could support further attacks.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 5.3, indicating moderate severity. No EPSS score is available, and the issue is not catalogued in CISA\u2019s KEV list. Exploitation requires only network access to the GraphQL endpoint; an attacker who can reach /graphql/system can pull the schema by sending a simple request. Because the information exposed is structural rather than specific content, the immediate risk to confidentiality is limited, but it can aid attackers in mapping database tables, fields, and their relationships, potentially facilitating later injection or privilege escalation attacks. The easiest attack vector is through the public GraphQL API, and the lack of authentication or permission checks means that any visitor, even without credentials, can trigger the disclosure."}}}}, "created": "2026-04-07T06:53:47.014198+00:00", "updated": "2026-04-07T09:36:45.254384+00:00", "vendors": ["directus", "directus$PRODUCT$directus"]}