17 matches found
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /debug/vars endpoint, which exposes the process command line including sensitive startup flags. An attacker can gain unauthorized access to admin-only endpoints by retrieving the admin token and replaying it...
CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...
EUVD-2026-25599
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...
CVE-2026-41492
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...
CVE-2026-41492
CVE-2026-41492 affects Dgraph Alpha prior to 25.3.3, where the unauthenticated /debug/vars endpoint exposes the process command line and, via the exposed admin token from startup flags, can be replayed in the X-Dgraph-AuthToken header to access admin-only endpoints. The issue is a variant of a pr...
CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...
GHSA-VVF7-6RMR-M29Q Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars
Summary Dgraph v25.3.2 still exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can retrieve that token and replay it in the...
Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars
Summary Dgraph v25.3.2 still exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can retrieve that token and replay it in the...
PT-2026-35060
Name of the Vulnerable Software and Affected Versions Dgraph versions prior to 25.3.3 Description Dgraph exposes the process command line through the unauthenticated '/debug/vars' endpoint on Alpha. Since the admin token is often provided via the --security startup flag, an unauthenticated attack...
SUSE CVE-2026-33247
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...
CVE-2026-33247
A flaw was found in NATS-Server. If the NATS-Server is configured with static credentials provided through command-line arguments argv and the monitoring port is enabled, a remote attacker with access to the monitoring port can view these credentials. The /debug/vars endpoint on the monitoring po...
DEBIAN-CVE-2026-33247
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...
CVE-2026-33247
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...
UBUNTU-CVE-2026-33247
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...
CVE-2026-33247
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...
GHSA-X6G4-F6Q3-FQVV NATS credentials are exposed in monitoring port via command-line argv
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an optional monitoring port, which provides access to sensitive data. The nats-server can take certain configuratio...
NATS credentials are exposed in monitoring port via command-line argv
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an optional monitoring port, which provides access to sensitive data. The nats-server can take certain configuratio...