Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by dragonflydb

    CVE-2026-54341 (GCVE-0-2026-54341)

    Vulnerability from nvd – Published: 2026-06-26 16:42 – Updated: 2026-06-26 18:32
    VLAI
    Title
    Dragonfly: RESTORE operations may crash the server
    Summary
    Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command — a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    dragonflydb dragonfly Affected: < 1.39.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54341",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T18:31:59.890470Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T18:32:22.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dragonfly",
              "vendor": "dragonflydb",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.39.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB\u0027s listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command \u2014 a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T16:42:15.298Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9"
            },
            {
              "name": "https://github.com/dragonflydb/dragonfly/pull/7502",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/pull/7502"
            }
          ],
          "source": {
            "advisory": "GHSA-cwjr-j869-h8q9",
            "discovery": "UNKNOWN"
          },
          "title": "Dragonfly: RESTORE operations may crash the server"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54341",
        "datePublished": "2026-06-26T16:42:15.298Z",
        "dateReserved": "2026-06-12T19:23:22.317Z",
        "dateUpdated": "2026-06-26T18:32:22.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47206 (GCVE-0-2026-47206)

    Vulnerability from nvd – Published: 2026-06-26 16:39 – Updated: 2026-06-26 17:31
    VLAI
    Title
    Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer
    Summary
    Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    Impacted products
    Vendor Product Version
    dragonflydb dragonfly Affected: < 1.38.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47206",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T17:31:44.526254Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T17:31:48.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dragonflydb/dragonfly/issues/7328"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dragonfly",
              "vendor": "dragonflydb",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.38.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection\u0027s response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T16:40:13.402Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-h77h-c6hc-qc9h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-h77h-c6hc-qc9h"
            },
            {
              "name": "https://github.com/dragonflydb/dragonfly/issues/7328",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/issues/7328"
            },
            {
              "name": "https://github.com/dragonflydb/dragonfly/pull/7332",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/pull/7332"
            }
          ],
          "source": {
            "advisory": "GHSA-h77h-c6hc-qc9h",
            "discovery": "UNKNOWN"
          },
          "title": "Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-47206",
        "datePublished": "2026-06-26T16:39:27.710Z",
        "dateReserved": "2026-05-18T22:25:21.257Z",
        "dateUpdated": "2026-06-26T17:31:48.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52935 (GCVE-0-2025-52935)

    Vulnerability from nvd – Published: 2025-06-23 09:27 – Updated: 2025-06-23 12:29
    VLAI
    Title
    Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly
    Summary
    Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    dragonflydb dragonfly Affected: 1.30.1 (git)
    Affected: 1.30.0 (git)
    Affected: 1.28.18 (git)
    Create a notification for this product.
    Credits
    TITAN Team (titancaproject@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T12:29:18.862872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T12:29:54.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "src/redis/lua/struct"
              ],
              "product": "dragonfly",
              "programFiles": [
                "lua_struct.c"
              ],
              "repo": "https://github.com/dragonflydb/dragonfly",
              "vendor": "dragonflydb",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.30.1",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "1.30.0",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "1.28.18",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TITAN Team (titancaproject@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elua_struct.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.\u003c/p\u003e"
                }
              ],
              "value": "Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C.\n\nThis issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T09:27:18.355Z",
            "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
            "shortName": "GovTech CSG"
          },
          "references": [
            {
              "tags": [
                "patch",
                "third-party-advisory"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/pull/4996"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/commit/473e002c848eb312f23d84114eb4951a7c4af5a1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "assignerShortName": "GovTech CSG",
        "cveId": "CVE-2025-52935",
        "datePublished": "2025-06-23T09:27:18.355Z",
        "dateReserved": "2025-06-23T09:24:36.335Z",
        "dateUpdated": "2025-06-23T12:29:54.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26269 (GCVE-0-2025-26269)

    Vulnerability from nvd – Published: 2025-04-17 00:00 – Updated: 2025-04-23 16:08
    VLAI
    Summary
    DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    DragonflyDB Dragonfly Affected: 0 , ≤ 1.28.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26269",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T16:08:08.337663Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T16:08:25.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dragonflydb/dragonfly/issues/4468"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Dragonfly",
              "vendor": "DragonflyDB",
              "versions": [
                {
                  "lessThanOrEqual": "1.28.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-22T17:33:40.205Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/dragonflydb/dragonfly/issues/4468"
            },
            {
              "url": "https://github.com/dragonflydb/dragonfly/commit/4612aec9a78e3f604e6fb19bee51acde89723308"
            },
            {
              "url": "https://gist.github.com/ankki-zsyang/d8215cf6e868d07546eaa5346a884ebd"
            }
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-26269",
        "datePublished": "2025-04-17T00:00:00.000Z",
        "dateReserved": "2025-02-07T00:00:00.000Z",
        "dateUpdated": "2025-04-23T16:08:25.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26268 (GCVE-0-2025-26268)

    Vulnerability from nvd – Published: 2025-04-17 00:00 – Updated: 2025-04-17 19:12
    VLAI
    Summary
    DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-392 - Missing Report of Error Condition
    Assigner
    Impacted products
    Vendor Product Version
    DragonflyDB Dragonfly Affected: 0 , < 1.27.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26268",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T19:12:28.473396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T19:12:46.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dragonflydb/dragonfly/issues/4466"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Dragonfly",
              "vendor": "DragonflyDB",
              "versions": [
                {
                  "lessThan": "1.27.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-392",
                  "description": "CWE-392 Missing Report of Error Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-17T17:48:47.667Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/dragonflydb/dragonfly/issues/4466"
            },
            {
              "url": "https://github.com/dragonflydb/dragonfly/commit/d1fac0f912edb323a2bdd6404c518cda21eac243"
            },
            {
              "url": "https://github.com/dragonflydb/dragonfly/compare/v1.26.4...v1.27.0"
            }
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-26268",
        "datePublished": "2025-04-17T00:00:00.000Z",
        "dateReserved": "2025-02-07T00:00:00.000Z",
        "dateUpdated": "2025-04-17T19:12:46.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-54341 (GCVE-0-2026-54341)

    Vulnerability from cvelistv5 – Published: 2026-06-26 16:42 – Updated: 2026-06-26 18:32
    VLAI
    Title
    Dragonfly: RESTORE operations may crash the server
    Summary
    Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command — a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    dragonflydb dragonfly Affected: < 1.39.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54341",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T18:31:59.890470Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T18:32:22.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dragonfly",
              "vendor": "dragonflydb",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.39.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB\u0027s listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command \u2014 a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T16:42:15.298Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9"
            },
            {
              "name": "https://github.com/dragonflydb/dragonfly/pull/7502",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/pull/7502"
            }
          ],
          "source": {
            "advisory": "GHSA-cwjr-j869-h8q9",
            "discovery": "UNKNOWN"
          },
          "title": "Dragonfly: RESTORE operations may crash the server"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54341",
        "datePublished": "2026-06-26T16:42:15.298Z",
        "dateReserved": "2026-06-12T19:23:22.317Z",
        "dateUpdated": "2026-06-26T18:32:22.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47206 (GCVE-0-2026-47206)

    Vulnerability from cvelistv5 – Published: 2026-06-26 16:39 – Updated: 2026-06-26 17:31
    VLAI
    Title
    Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer
    Summary
    Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    Impacted products
    Vendor Product Version
    dragonflydb dragonfly Affected: < 1.38.9
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-47206",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T17:31:44.526254Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T17:31:48.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dragonflydb/dragonfly/issues/7328"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dragonfly",
              "vendor": "dragonflydb",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.38.9"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection\u0027s response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T16:40:13.402Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-h77h-c6hc-qc9h",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-h77h-c6hc-qc9h"
            },
            {
              "name": "https://github.com/dragonflydb/dragonfly/issues/7328",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/issues/7328"
            },
            {
              "name": "https://github.com/dragonflydb/dragonfly/pull/7332",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/pull/7332"
            }
          ],
          "source": {
            "advisory": "GHSA-h77h-c6hc-qc9h",
            "discovery": "UNKNOWN"
          },
          "title": "Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-47206",
        "datePublished": "2026-06-26T16:39:27.710Z",
        "dateReserved": "2026-05-18T22:25:21.257Z",
        "dateUpdated": "2026-06-26T17:31:48.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52935 (GCVE-0-2025-52935)

    Vulnerability from cvelistv5 – Published: 2025-06-23 09:27 – Updated: 2025-06-23 12:29
    VLAI
    Title
    Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly
    Summary
    Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    References
    Impacted products
    Vendor Product Version
    dragonflydb dragonfly Affected: 1.30.1 (git)
    Affected: 1.30.0 (git)
    Affected: 1.28.18 (git)
    Create a notification for this product.
    Credits
    TITAN Team (titancaproject@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T12:29:18.862872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T12:29:54.589Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "src/redis/lua/struct"
              ],
              "product": "dragonfly",
              "programFiles": [
                "lua_struct.c"
              ],
              "repo": "https://github.com/dragonflydb/dragonfly",
              "vendor": "dragonflydb",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.30.1",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "1.30.0",
                  "versionType": "git"
                },
                {
                  "status": "affected",
                  "version": "1.28.18",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TITAN Team (titancaproject@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elua_struct.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.\u003c/p\u003e"
                }
              ],
              "value": "Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C.\n\nThis issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T09:27:18.355Z",
            "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
            "shortName": "GovTech CSG"
          },
          "references": [
            {
              "tags": [
                "patch",
                "third-party-advisory"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/pull/4996"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/dragonflydb/dragonfly/commit/473e002c848eb312f23d84114eb4951a7c4af5a1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "assignerShortName": "GovTech CSG",
        "cveId": "CVE-2025-52935",
        "datePublished": "2025-06-23T09:27:18.355Z",
        "dateReserved": "2025-06-23T09:24:36.335Z",
        "dateUpdated": "2025-06-23T12:29:54.589Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26269 (GCVE-0-2025-26269)

    Vulnerability from cvelistv5 – Published: 2025-04-17 00:00 – Updated: 2025-04-23 16:08
    VLAI
    Summary
    DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-191 - Integer Underflow (Wrap or Wraparound)
    Assigner
    Impacted products
    Vendor Product Version
    DragonflyDB Dragonfly Affected: 0 , ≤ 1.28.2 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26269",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T16:08:08.337663Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T16:08:25.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dragonflydb/dragonfly/issues/4468"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Dragonfly",
              "vendor": "DragonflyDB",
              "versions": [
                {
                  "lessThanOrEqual": "1.28.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-191",
                  "description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-22T17:33:40.205Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/dragonflydb/dragonfly/issues/4468"
            },
            {
              "url": "https://github.com/dragonflydb/dragonfly/commit/4612aec9a78e3f604e6fb19bee51acde89723308"
            },
            {
              "url": "https://gist.github.com/ankki-zsyang/d8215cf6e868d07546eaa5346a884ebd"
            }
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-26269",
        "datePublished": "2025-04-17T00:00:00.000Z",
        "dateReserved": "2025-02-07T00:00:00.000Z",
        "dateUpdated": "2025-04-23T16:08:25.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26268 (GCVE-0-2025-26268)

    Vulnerability from cvelistv5 – Published: 2025-04-17 00:00 – Updated: 2025-04-17 19:12
    VLAI
    Summary
    DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-392 - Missing Report of Error Condition
    Assigner
    Impacted products
    Vendor Product Version
    DragonflyDB Dragonfly Affected: 0 , < 1.27.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26268",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T19:12:28.473396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T19:12:46.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dragonflydb/dragonfly/issues/4466"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Dragonfly",
              "vendor": "DragonflyDB",
              "versions": [
                {
                  "lessThan": "1.27.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-392",
                  "description": "CWE-392 Missing Report of Error Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-17T17:48:47.667Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/dragonflydb/dragonfly/issues/4466"
            },
            {
              "url": "https://github.com/dragonflydb/dragonfly/commit/d1fac0f912edb323a2bdd6404c518cda21eac243"
            },
            {
              "url": "https://github.com/dragonflydb/dragonfly/compare/v1.26.4...v1.27.0"
            }
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-26268",
        "datePublished": "2025-04-17T00:00:00.000Z",
        "dateReserved": "2025-02-07T00:00:00.000Z",
        "dateUpdated": "2025-04-17T19:12:46.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }