Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by dragonflydb
CVE-2026-54341 (GCVE-0-2026-54341)
Vulnerability from nvd – Published: 2026-06-26 16:42 – Updated: 2026-06-26 18:32
VLAI
EPSS
VEX
Title
Dragonfly: RESTORE operations may crash the server
Summary
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command — a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/dragonflydb/dragonfly/security… | x_refsource_CONFIRM |
| https://github.com/dragonflydb/dragonfly/pull/7502 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dragonflydb | dragonfly |
Affected:
< 1.39.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54341",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T18:31:59.890470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T18:32:22.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dragonfly",
"vendor": "dragonflydb",
"versions": [
{
"status": "affected",
"version": "\u003c 1.39.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB\u0027s listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command \u2014 a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T16:42:15.298Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9"
},
{
"name": "https://github.com/dragonflydb/dragonfly/pull/7502",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dragonflydb/dragonfly/pull/7502"
}
],
"source": {
"advisory": "GHSA-cwjr-j869-h8q9",
"discovery": "UNKNOWN"
},
"title": "Dragonfly: RESTORE operations may crash the server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54341",
"datePublished": "2026-06-26T16:42:15.298Z",
"dateReserved": "2026-06-12T19:23:22.317Z",
"dateUpdated": "2026-06-26T18:32:22.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47206 (GCVE-0-2026-47206)
Vulnerability from nvd – Published: 2026-06-26 16:39 – Updated: 2026-06-26 17:31
VLAI
EPSS
VEX
Title
Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer
Summary
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/dragonflydb/dragonfly/security… | x_refsource_CONFIRM |
| https://github.com/dragonflydb/dragonfly/issues/7328 | x_refsource_MISC |
| https://github.com/dragonflydb/dragonfly/pull/7332 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dragonflydb | dragonfly |
Affected:
< 1.38.9
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47206",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T17:31:44.526254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T17:31:48.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/dragonflydb/dragonfly/issues/7328"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dragonfly",
"vendor": "dragonflydb",
"versions": [
{
"status": "affected",
"version": "\u003c 1.38.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection\u0027s response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T16:40:13.402Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-h77h-c6hc-qc9h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-h77h-c6hc-qc9h"
},
{
"name": "https://github.com/dragonflydb/dragonfly/issues/7328",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dragonflydb/dragonfly/issues/7328"
},
{
"name": "https://github.com/dragonflydb/dragonfly/pull/7332",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dragonflydb/dragonfly/pull/7332"
}
],
"source": {
"advisory": "GHSA-h77h-c6hc-qc9h",
"discovery": "UNKNOWN"
},
"title": "Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47206",
"datePublished": "2026-06-26T16:39:27.710Z",
"dateReserved": "2026-05-18T22:25:21.257Z",
"dateUpdated": "2026-06-26T17:31:48.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52935 (GCVE-0-2025-52935)
Vulnerability from nvd – Published: 2025-06-23 09:27 – Updated: 2025-06-23 12:29
VLAI
EPSS
VEX
Title
Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly
Summary
Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C.
This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/dragonflydb/dragonfly/pull/4996 | patchthird-party-advisory |
| https://github.com/dragonflydb/dragonfly/commit/4… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dragonflydb | dragonfly |
Affected:
1.30.1
(git)
Affected: 1.30.0 (git) Affected: 1.28.18 (git) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T12:29:18.862872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:29:54.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"src/redis/lua/struct"
],
"product": "dragonfly",
"programFiles": [
"lua_struct.c"
],
"repo": "https://github.com/dragonflydb/dragonfly",
"vendor": "dragonflydb",
"versions": [
{
"status": "affected",
"version": "1.30.1",
"versionType": "git"
},
{
"status": "affected",
"version": "1.30.0",
"versionType": "git"
},
{
"status": "affected",
"version": "1.28.18",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elua_struct.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.\u003c/p\u003e"
}
],
"value": "Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C.\n\nThis issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T09:27:18.355Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch",
"third-party-advisory"
],
"url": "https://github.com/dragonflydb/dragonfly/pull/4996"
},
{
"tags": [
"patch"
],
"url": "https://github.com/dragonflydb/dragonfly/commit/473e002c848eb312f23d84114eb4951a7c4af5a1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-52935",
"datePublished": "2025-06-23T09:27:18.355Z",
"dateReserved": "2025-06-23T09:24:36.335Z",
"dateUpdated": "2025-06-23T12:29:54.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26269 (GCVE-0-2025-26269)
Vulnerability from nvd – Published: 2025-04-17 00:00 – Updated: 2025-04-23 16:08
VLAI
EPSS
VEX
Summary
DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DragonflyDB | Dragonfly |
Affected:
0 , ≤ 1.28.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26269",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T16:08:08.337663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:08:25.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/dragonflydb/dragonfly/issues/4468"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Dragonfly",
"vendor": "DragonflyDB",
"versions": [
{
"lessThanOrEqual": "1.28.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:33:40.205Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dragonflydb/dragonfly/issues/4468"
},
{
"url": "https://github.com/dragonflydb/dragonfly/commit/4612aec9a78e3f604e6fb19bee51acde89723308"
},
{
"url": "https://gist.github.com/ankki-zsyang/d8215cf6e868d07546eaa5346a884ebd"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-26269",
"datePublished": "2025-04-17T00:00:00.000Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:08:25.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26268 (GCVE-0-2025-26268)
Vulnerability from nvd – Published: 2025-04-17 00:00 – Updated: 2025-04-17 19:12
VLAI
EPSS
VEX
Summary
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-392 - Missing Report of Error Condition
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DragonflyDB | Dragonfly |
Affected:
0 , < 1.27.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26268",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T19:12:28.473396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T19:12:46.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/dragonflydb/dragonfly/issues/4466"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dragonfly",
"vendor": "DragonflyDB",
"versions": [
{
"lessThan": "1.27.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-392",
"description": "CWE-392 Missing Report of Error Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T17:48:47.667Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dragonflydb/dragonfly/issues/4466"
},
{
"url": "https://github.com/dragonflydb/dragonfly/commit/d1fac0f912edb323a2bdd6404c518cda21eac243"
},
{
"url": "https://github.com/dragonflydb/dragonfly/compare/v1.26.4...v1.27.0"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-26268",
"datePublished": "2025-04-17T00:00:00.000Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"dateUpdated": "2025-04-17T19:12:46.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-54341 (GCVE-0-2026-54341)
Vulnerability from cvelistv5 – Published: 2026-06-26 16:42 – Updated: 2026-06-26 18:32
VLAI
EPSS
VEX
Title
Dragonfly: RESTORE operations may crash the server
Summary
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command — a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/dragonflydb/dragonfly/security… | x_refsource_CONFIRM |
| https://github.com/dragonflydb/dragonfly/pull/7502 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dragonflydb | dragonfly |
Affected:
< 1.39.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54341",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T18:31:59.890470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T18:32:22.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dragonfly",
"vendor": "dragonflydb",
"versions": [
{
"status": "affected",
"version": "\u003c 1.39.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB\u0027s listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command \u2014 a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T16:42:15.298Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-cwjr-j869-h8q9"
},
{
"name": "https://github.com/dragonflydb/dragonfly/pull/7502",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dragonflydb/dragonfly/pull/7502"
}
],
"source": {
"advisory": "GHSA-cwjr-j869-h8q9",
"discovery": "UNKNOWN"
},
"title": "Dragonfly: RESTORE operations may crash the server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54341",
"datePublished": "2026-06-26T16:42:15.298Z",
"dateReserved": "2026-06-12T19:23:22.317Z",
"dateUpdated": "2026-06-26T18:32:22.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47206 (GCVE-0-2026-47206)
Vulnerability from cvelistv5 – Published: 2026-06-26 16:39 – Updated: 2026-06-26 17:31
VLAI
EPSS
VEX
Title
Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer
Summary
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/dragonflydb/dragonfly/security… | x_refsource_CONFIRM |
| https://github.com/dragonflydb/dragonfly/issues/7328 | x_refsource_MISC |
| https://github.com/dragonflydb/dragonfly/pull/7332 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dragonflydb | dragonfly |
Affected:
< 1.38.9
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47206",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T17:31:44.526254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T17:31:48.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/dragonflydb/dragonfly/issues/7328"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dragonfly",
"vendor": "dragonflydb",
"versions": [
{
"status": "affected",
"version": "\u003c 1.38.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection\u0027s response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T16:40:13.402Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-h77h-c6hc-qc9h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-h77h-c6hc-qc9h"
},
{
"name": "https://github.com/dragonflydb/dragonfly/issues/7328",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dragonflydb/dragonfly/issues/7328"
},
{
"name": "https://github.com/dragonflydb/dragonfly/pull/7332",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dragonflydb/dragonfly/pull/7332"
}
],
"source": {
"advisory": "GHSA-h77h-c6hc-qc9h",
"discovery": "UNKNOWN"
},
"title": "Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47206",
"datePublished": "2026-06-26T16:39:27.710Z",
"dateReserved": "2026-05-18T22:25:21.257Z",
"dateUpdated": "2026-06-26T17:31:48.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52935 (GCVE-0-2025-52935)
Vulnerability from cvelistv5 – Published: 2025-06-23 09:27 – Updated: 2025-06-23 12:29
VLAI
EPSS
VEX
Title
Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly
Summary
Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C.
This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/dragonflydb/dragonfly/pull/4996 | patchthird-party-advisory |
| https://github.com/dragonflydb/dragonfly/commit/4… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dragonflydb | dragonfly |
Affected:
1.30.1
(git)
Affected: 1.30.0 (git) Affected: 1.28.18 (git) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T12:29:18.862872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:29:54.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"src/redis/lua/struct"
],
"product": "dragonfly",
"programFiles": [
"lua_struct.c"
],
"repo": "https://github.com/dragonflydb/dragonfly",
"vendor": "dragonflydb",
"versions": [
{
"status": "affected",
"version": "1.30.1",
"versionType": "git"
},
{
"status": "affected",
"version": "1.30.0",
"versionType": "git"
},
{
"status": "affected",
"version": "1.28.18",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TITAN Team (titancaproject@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elua_struct.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.\u003c/p\u003e"
}
],
"value": "Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C.\n\nThis issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T09:27:18.355Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"tags": [
"patch",
"third-party-advisory"
],
"url": "https://github.com/dragonflydb/dragonfly/pull/4996"
},
{
"tags": [
"patch"
],
"url": "https://github.com/dragonflydb/dragonfly/commit/473e002c848eb312f23d84114eb4951a7c4af5a1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-52935",
"datePublished": "2025-06-23T09:27:18.355Z",
"dateReserved": "2025-06-23T09:24:36.335Z",
"dateUpdated": "2025-06-23T12:29:54.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26269 (GCVE-0-2025-26269)
Vulnerability from cvelistv5 – Published: 2025-04-17 00:00 – Updated: 2025-04-23 16:08
VLAI
EPSS
VEX
Summary
DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DragonflyDB | Dragonfly |
Affected:
0 , ≤ 1.28.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26269",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T16:08:08.337663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:08:25.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/dragonflydb/dragonfly/issues/4468"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Dragonfly",
"vendor": "DragonflyDB",
"versions": [
{
"lessThanOrEqual": "1.28.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:33:40.205Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dragonflydb/dragonfly/issues/4468"
},
{
"url": "https://github.com/dragonflydb/dragonfly/commit/4612aec9a78e3f604e6fb19bee51acde89723308"
},
{
"url": "https://gist.github.com/ankki-zsyang/d8215cf6e868d07546eaa5346a884ebd"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-26269",
"datePublished": "2025-04-17T00:00:00.000Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:08:25.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26268 (GCVE-0-2025-26268)
Vulnerability from cvelistv5 – Published: 2025-04-17 00:00 – Updated: 2025-04-17 19:12
VLAI
EPSS
VEX
Summary
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-392 - Missing Report of Error Condition
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DragonflyDB | Dragonfly |
Affected:
0 , < 1.27.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26268",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T19:12:28.473396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T19:12:46.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/dragonflydb/dragonfly/issues/4466"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dragonfly",
"vendor": "DragonflyDB",
"versions": [
{
"lessThan": "1.27.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-392",
"description": "CWE-392 Missing Report of Error Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T17:48:47.667Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dragonflydb/dragonfly/issues/4466"
},
{
"url": "https://github.com/dragonflydb/dragonfly/commit/d1fac0f912edb323a2bdd6404c518cda21eac243"
},
{
"url": "https://github.com/dragonflydb/dragonfly/compare/v1.26.4...v1.27.0"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-26268",
"datePublished": "2025-04-17T00:00:00.000Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"dateUpdated": "2025-04-17T19:12:46.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}