8 matches found
Missing Authentication
github.com/dgraph-io/dgraph is vulnerable to Missing Authentication. The vulnerability is due to the restoreTenant admin mutation missing authorization middleware validation, which allows an unauthenticated attacker to overwrite the database, access server-side files via file:// paths, and perfor...
CVE-2026-34976
Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...
CVE-2026-34976
Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...
EUVD-2026-19360
Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...
CVE-2026-34976 Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization
Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...
Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization
The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...
PT-2026-29916
The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...
PT-2026-29969
Name of the Vulnerable Software and Affected Versions Dgraph versions prior to 25.3.1 Description Dgraph is vulnerable to an authentication bypass flaw in the 'restoreTenant' admin mutation. This mutation lacks proper authorization middleware, allowing unauthenticated attackers to overwrite the...