10 matches found

RedhatCVE
added 6 days ago, 8 views

CVE-2026-41328

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...

9.1 CVSS, 5.5 AI score, 0.00205 EPSS
Exploits: 1, References: 1
Snyk
added 2026/04/24 8:20 p.m., 1 view

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the /debug/vars endpoint, which exposes the process command line including sensitive startup flags. An attacker can gain unauthorized access to admin-only endpoints by retrieving the admin token and replaying it...

9.8 CVSS, 5.8 AI score, 0.00228 EPSS
Exploits: 1, References: 2
NVD
added 2026/04/24 7:17 p.m., 1 view

CVE-2026-41492

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

9.8 CVSS, 0.00228 EPSS
Exploits: 1, References: 2
NVD
added 2026/04/24 7:17 p.m., 1 view

CVE-2026-41327

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a...

9.1 CVSS, 0.00073 EPSS
Exploits: 1, References: 2
EUVD
added 2026/04/24 6:29 p.m., 2 views

EUVD-2026-25599

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

9.8 CVSS, 5.3 AI score, 0.00228 EPSS
Exploits: 1, References: 2
CVE
added 2026/04/24 6:29 p.m., 23 views

CVE-2026-41492

CVE-2026-41492 affects Dgraph Alpha prior to 25.3.3, where the unauthenticated /debug/vars endpoint exposes the process command line. The admin token exposed through the startup flags can then be replayed in the X-Dgraph-AuthToken header to access admin-only endpoints. The issue is a variant of a pr...

9.8 CVSS, 5.3 AI score, 0.00228 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2026/04/24 6:27 p.m., 27 views

CVE-2026-41327 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a...

9.1 CVSS, 0.00073 EPSS
Exploits: 1, References: 2
ATTACKERKB
added 2026/04/24 6:25 p.m., 2 views

CVE-2026-41328

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...

9.1 CVSS, 5.5 AI score, 0.00205 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2026/04/24 6:25 p.m., 32 views

CVE-2026-41328 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...

9.1 CVSS, 0.00205 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2026/04/24 12:00 a.m., 1 view

PT-2026-35060

Name of the Vulnerable Software and Affected Versions: Dgraph versions prior to 25.3.3. Description: Dgraph exposes the process command line through the unauthenticated '/debug/vars' endpoint on Alpha. Since the admin token is often provided via the --security startup flag, an unauthenticated attack...

9.8 CVSS, 5.3 AI score, 0.00228 EPSS
Exploits: 1, References: 14