{"uuid": "4c585c3b-cce1-4c09-a13c-2d4e897d65f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41492", "type": "seen", "source": "https://bsky.app/profile/hexmortem.com/post/3ml6g7ouh6d2c", "content": "CVE-2026-41492 \u2014 Dgraph admin token leak.\n\nThe prior CVE was fixed by blocking /debug/pprof/cmdline. expvar auto-registers /debug/vars on the same default mux. cmdline leaks there too \u2014 three unauth GETs yield the token, one replay = admin.\n\nv25.3.3 filters cmdline out. Patch.", "creation_timestamp": "2026-05-06T09:46:56.229789Z"}