Dgraph <= 25.3.2 - Admin Token Disclosure
Dgraph <= 25.3.2 contains an information disclosure caused by unauthenticated access to the /debug/vars endpoint, which publishes the cmdline variable including the --security token= flag, letting unauthenticated remote attackers retrieve the admin token and access admin-only endpoints, exploit...
CVE-2026-41327
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a...
CVE-2026-41492
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...
CVE-2026-41328
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...
Improper Neutralization Of Special Elements In Data Query Logic
Dgraph is vulnerable to Improper Neutralization of Special Elements in Data Query Logic. The vulnerability is due to improper sanitization of the user-controlled cond field in upsert mutations, which allows an attacker to inject arbitrary DQL query blocks and gain unauthorized read access to...
Information Exposure
Dgraph is vulnerable to Information Exposure. The vulnerability is due to exposure of process command-line arguments through the unauthenticated /debug/vars endpoint, which allows an attacker to obtain sensitive admin tokens and gain unauthorized access to admin-only endpoints...
Missing Authentication
github.com/dgraph-io/dgraph is vulnerable to Missing Authentication. The vulnerability is due to the restoreTenant admin mutation missing authorization middleware validation, which allows an unauthenticated attacker to overwrite the database, access server-side files via file:// paths, and perfor...
Unauthenticated Credential Disclosure
github.com/dgraph-io/dgraph is vulnerable to an unauthenticated credential disclosure. The vulnerability is due to the /debug/pprof/cmdline endpoint being accessible without authentication, which exposes the full process command line including the admin token, allowing an attacker to retrieve the...
GHSA-X92X-PX7W-4GX4 vulnerabilities
Vulnerabilities for packages: dgraph...
GHSA-VVF7-6RMR-M29Q vulnerabilities
Vulnerabilities for packages: dgraph...
CVE-2026-41492 vulnerabilities
Vulnerabilities for packages: dgraph...
CVE-2026-41327 vulnerabilities
Vulnerabilities for packages: dgraph...
GHSA-MRXX-39G5-PH77 vulnerabilities
Vulnerabilities for packages: dgraph...
CVE-2026-41328 vulnerabilities
Vulnerabilities for packages: dgraph...