CVE-2026-44840
Dgraph is an open source distributed GraphQL database. Prior to version 25.3.4, the checkUserPassword GraphQL query in Dgraph is vulnerable to DQL Dgraph Query Language injection. User-supplied password values are interpolated directly into a DQL checkpwd query via fmt.Sprintf without any escapin...