12 matches found
GO-2026-4693 Dagu: Path Traversal via `dagRunId` in Inline DAG Execution in github.com/dagu-org/dagu
Dagu: Path Traversal via dagRunId in Inline DAG Execution in github.com/dagu-org/dagu...
CVE-2026-31886 Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...
CVE-2026-31886 Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...
CVE-2026-31886 Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...
CVE-2026-31886
CVE-2026-31886 affects Dagu (workflow engine) prior to 2.2.4. The dagRunId parameter used by inline DAG execution endpoints is passed into filepath.Join without validation, allowing a directory traversal (e.g., ".."). Go’s Join resolves such paths to system temp directories (like /tmp), and a def...
Dagu: Path Traversal via `dagRunId` in Inline DAG Execution
Vulnerability Summary: The dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as...
EUVD-2026-12089
Dagu: Path Traversal via dagRunId in Inline DAG Execution...
GHSA-M4Q3-457P-HH2X Dagu: Path Traversal via `dagRunId` in Inline DAG Execution
Vulnerability Summary: The dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as...
PT-2026-25326
Dagu and Affected Versions: Dagu versions prior to 2.2.4. Description: Dagu, a workflow engine, contains a path traversal flaw in the inline DAG execution endpoints. The dagRunId request field is passed directly into filepath.Join without proper validation, allowing an attacker to redirect the...
BIT-AIRFLOW-2025-62402 Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API
API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...
PYSEC-2023-266
Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the executi...
Apache Airflow Cross-Site Request Forgery Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. A cross-site request forgery vulnerability exists in Apache Airflow versions 2.7.0...