CVE-2026-27598
CVE-2026-27598 affects Dagu up to version 1.16.7. The issue is in the CreateNewDAG API (POST /api/v1/dags) where DAG name validation is skipped before writing to the file store, allowing an authenticated user with DAG write permissions to write arbitrary YAML files on the filesystem. Since Dagu e...