Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

Ruby Dragonfly <1.4.0 - Remote Code Execution

Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishand...

SUSE CVE-2025-59353

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager's Certificate gRPC service does not...

SUSE CVE-2026-24124

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

GO-2026-4356 Dragonfly Manager Job API Unauthenticated Access in d7y.io/dragonfly

Dragonfly Manager Job API Unauthenticated Access in d7y.io/dragonfly...

CVE-2026-24124

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

CVE-2026-24124

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of JWT authentication middleware and RBAC authorization checks in the routing configuration for /api/v1/jobs endpoint. An attacker can view, update, and delete jobs by sending...

CVE-2026-24124

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

CVE-2026-24124 Dragonfly Manager Job API Allows Unauthenticated Access

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

CVE-2026-24124 Dragonfly Manager Job API Allows Unauthenticated Access

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

CVE-2026-24124

Dragonfly CVE-2026-24124 describes an unauthenticated access flaw in the Manager Job API. In versions 2.4.1-rc.0 and earlier, the Job API endpoints under /api/v1/jobs lack JWT authentication middleware and RBAC checks, allowing unauthenticated users with Manager API access to view, create, modify...

CVE-2026-24124 Dragonfly Manager Job API Allows Unauthenticated Access

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

GHSA-J8HF-CP34-G4J7 Dragonfly Manager Job API Unauthenticated Access

Summary Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption. Affected Products - Product: Dragonfly - Component:...

Dragonfly Manager Job API Unauthenticated Access

Summary Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption. Affected Products - Product: Dragonfly - Component:...

EUVD-2026-3805

Dragonfly Manager Job API Unauthenticated Access...

Dragonfly Access Control Vulnerability

Dragonfly is an open-source framework developed by DragonflyDB, capable of dynamically processing any content type. Versions of Dragonfly 2.4.1-rc.0 and earlier contained a access control vulnerability. This vulnerability stemmed from the absence of JWT authentication and RBAC authorization check...

Duplicate

This advisory duplicates another...

Dragonfly Manager Job API Unauthenticated Access

Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption...

CVE-2021-33473

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verifyurl option is disabled. This vulnerability is exploited via a crafted URL...