CVE-2026-35413

When GRAPHQL INTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries ( schema, type). However, the server specs graphql resolver on the /graphql/system endpoint returns an equivalent SDL representation of the schema and was not subject to the same restriction. This allowed the introspection control to be bypassed, exposing schema structure (collection names, field names, types, and relationships) to unauthenticated users at the public permission level, and to authenticated users at their permitted permission level.

Administrators who set GRAPHQL INTROSPECTION=false to hide schema structure from clients would have had a false sense of security, as equivalent schema information remained accessible via the SDL endpoint without authentication.

This vulnerability was discovered and reported by bugbunny.ai.