Skip to main content

DragonflyDB CVE-2026-54341

| EUVDEUVD-2026-39811 HIGH
Out-of-bounds Read (CWE-125)
2026-06-26 GitHub_M
7.5
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Default no-auth network exposure gives AV:N/AC:L/PR:N/UI:N; single command crashes the whole process for A:H, with no confidentiality or integrity impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Patch available
Jun 26, 2026 - 19:02 EUVD
Source Code Evidence Fetched
Jun 26, 2026 - 17:52 vuln.today
Analysis Generated
Jun 26, 2026 - 17:52 vuln.today

DescriptionCVE.org

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command - a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0.

AnalysisAI

Remote denial of service in DragonflyDB before 1.39.0 lets an unauthenticated attacker crash the entire server with a single ~24-byte RESTORE command carrying a malformed listpack payload, triggering an out-of-bounds read (SIGSEGV). Because Dragonfly ships with no authentication enabled by default and RESTORE is an ordinary keyspace command, any client that can reach the port can repeatedly kill the process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach unauthenticated Dragonfly port
Delivery
Send crafted RESTORE listpack payload
Exploit
Pass shallow listpack header validation
Execution
Trigger out-of-bounds read in loader
Persist
Crash server process (SIGSEGV)
Impact
Repeat to sustain denial of service

Vulnerability AssessmentAI

Exploitation The attacker needs network reachability to the DragonflyDB port and the ability to send a RESTORE command - both satisfied by default, since Dragonfly requires no authentication out of the box and RESTORE is a standard keyspace command (AV:N/AC:L/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All signals point to a genuine, easy-to-trigger availability threat rather than a paper-tiger high score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach an internet-exposed or shared-network DragonflyDB instance (which by default requires no authentication) opens a connection and issues a single RESTORE command with a crafted listpack-encoded payload whose interior string entry declares a length of 0x7fffffff. The server's shallow listpack validation passes the header, then reads out of bounds and dies with SIGSEGV, dropping all clients; the attacker simply re-sends the command after each restart for a sustained outage. …
Remediation Vendor-released patch: upgrade to DragonflyDB 1.39.0 or later, which enforces deep listpack integrity validation on RESTORE payloads. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify all DragonflyDB instances in production environments and document current versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-24124 CRITICAL POC
9.8 Jan 22

Dragonfly P2P file distribution system versions 2.4.1-rc.0 and below have a missing authentication vulnerability allowin

CVE-2021-33564 CRITICAL POC
9.8 May 29

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write

CVE-2025-59353 HIGH POC
7.7 Sep 17

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated high severity (CVSS 7.7), t

CVE-2025-59345 HIGH
7.7 Sep 17

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated high severity (CVSS 7.7), t

CVE-2022-41967 HIGH
7.5 Dec 28

Dragonfly is a Java runtime dependency management library. Rated high severity (CVSS 7.5), this vulnerability is remotel

CVE-2025-26268 LOW POC
3.3 Apr 17

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted

CVE-2025-26269 LOW POC
3.3 Apr 17

DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon c

CVE-2025-59410 MEDIUM
5.5 Sep 17

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated medium severity (CVSS 5.5),

CVE-2026-47206 LOW
2.3 Jun 26

RESP protocol injection in Dragonfly's EvalSerializer allows an authenticated low-privilege user to embed raw CRLF seque

CVE-2025-59354 MEDIUM
5.5 Sep 17

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated medium severity (CVSS 5.5),

CVE-2025-59352 MEDIUM
6.9 Sep 17

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated medium severity (CVSS 6.9),

CVE-2025-59351 LOW
2.7 Sep 17

Dragonfly is an open source P2P-based file distribution and image acceleration system. Rated low severity (CVSS 2.7), th

Share

CVE-2026-54341 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy