CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-41492

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can retrieve that token and replay it in the X-Dgraph-AuthToken header to access admin-only endpoints. This is a variant of the previously fixed /debug/pprof/cmdline issue, but the current fix is incomplete because it blocks only /debug/pprof/cmdline and still serves http.DefaultServeMux, which includes expvar's /debug/vars handler. This vulnerability is fixed in 25.3.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.6%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2026-41492

Dgraph » Dgraph » Version: N/A

cpe:2.3:a:dgraph:dgraph:-
Dgraph » Dgraph » Version: 0.3

cpe:2.3:a:dgraph:dgraph:0.3
Dgraph » Dgraph » Version: 0.4.0

cpe:2.3:a:dgraph:dgraph:0.4.0
Dgraph » Dgraph » Version: 0.4.1

cpe:2.3:a:dgraph:dgraph:0.4.1
Dgraph » Dgraph » Version: 0.4.2

cpe:2.3:a:dgraph:dgraph:0.4.2
Dgraph » Dgraph » Version: 0.4.3

cpe:2.3:a:dgraph:dgraph:0.4.3
Dgraph » Dgraph » Version: 0.4.4

cpe:2.3:a:dgraph:dgraph:0.4.4
Dgraph » Dgraph » Version: 0.7.0

cpe:2.3:a:dgraph:dgraph:0.7.0
Dgraph » Dgraph » Version: 0.7.1

cpe:2.3:a:dgraph:dgraph:0.7.1
Dgraph » Dgraph » Version: 0.7.2

cpe:2.3:a:dgraph:dgraph:0.7.2
Dgraph » Dgraph » Version: 0.7.2-1

cpe:2.3:a:dgraph:dgraph:0.7.2-1
Dgraph » Dgraph » Version: 0.7.3

cpe:2.3:a:dgraph:dgraph:0.7.3
Dgraph » Dgraph » Version: 0.7.4

cpe:2.3:a:dgraph:dgraph:0.7.4
Dgraph » Dgraph » Version: 0.7.5

cpe:2.3:a:dgraph:dgraph:0.7.5
Dgraph » Dgraph » Version: 0.7.6

cpe:2.3:a:dgraph:dgraph:0.7.6
Dgraph » Dgraph » Version: 0.7.7

cpe:2.3:a:dgraph:dgraph:0.7.7
Dgraph » Dgraph » Version: 0.8.0

cpe:2.3:a:dgraph:dgraph:0.8.0
Dgraph » Dgraph » Version: 0.8.1

cpe:2.3:a:dgraph:dgraph:0.8.1
Dgraph » Dgraph » Version: 0.8.2

cpe:2.3:a:dgraph:dgraph:0.8.2
Dgraph » Dgraph » Version: 0.8.3

cpe:2.3:a:dgraph:dgraph:0.8.3
Dgraph » Dgraph » Version: 0.9.0

cpe:2.3:a:dgraph:dgraph:0.9.0
Dgraph » Dgraph » Version: 0.9.1

cpe:2.3:a:dgraph:dgraph:0.9.1
Dgraph » Dgraph » Version: 0.9.2

cpe:2.3:a:dgraph:dgraph:0.9.2
Dgraph » Dgraph » Version: 0.9.3

cpe:2.3:a:dgraph:dgraph:0.9.3
Dgraph » Dgraph » Version: 0.9.4

cpe:2.3:a:dgraph:dgraph:0.9.4
Dgraph » Dgraph » Version: 1.0.0

cpe:2.3:a:dgraph:dgraph:1.0.0
Dgraph » Dgraph » Version: 1.0.1

cpe:2.3:a:dgraph:dgraph:1.0.1
Dgraph » Dgraph » Version: 1.0.10

cpe:2.3:a:dgraph:dgraph:1.0.10
Dgraph » Dgraph » Version: 1.0.11

cpe:2.3:a:dgraph:dgraph:1.0.11
Dgraph » Dgraph » Version: 1.0.12

cpe:2.3:a:dgraph:dgraph:1.0.12
Dgraph » Dgraph » Version: 1.0.13

cpe:2.3:a:dgraph:dgraph:1.0.13
Dgraph » Dgraph » Version: 1.0.14

cpe:2.3:a:dgraph:dgraph:1.0.14
Dgraph » Dgraph » Version: 1.0.14-3

cpe:2.3:a:dgraph:dgraph:1.0.14-3
Dgraph » Dgraph » Version: 1.0.15

cpe:2.3:a:dgraph:dgraph:1.0.15
Dgraph » Dgraph » Version: 1.0.16

cpe:2.3:a:dgraph:dgraph:1.0.16
Dgraph » Dgraph » Version: 1.0.17

cpe:2.3:a:dgraph:dgraph:1.0.17
Dgraph » Dgraph » Version: 1.0.18

cpe:2.3:a:dgraph:dgraph:1.0.18
Dgraph » Dgraph » Version: 1.0.2

cpe:2.3:a:dgraph:dgraph:1.0.2
Dgraph » Dgraph » Version: 1.0.3

cpe:2.3:a:dgraph:dgraph:1.0.3
Dgraph » Dgraph » Version: 1.0.4

cpe:2.3:a:dgraph:dgraph:1.0.4
Dgraph » Dgraph » Version: 1.0.5

cpe:2.3:a:dgraph:dgraph:1.0.5
Dgraph » Dgraph » Version: 1.0.6

cpe:2.3:a:dgraph:dgraph:1.0.6
Dgraph » Dgraph » Version: 1.0.7

cpe:2.3:a:dgraph:dgraph:1.0.7
Dgraph » Dgraph » Version: 1.0.7a

cpe:2.3:a:dgraph:dgraph:1.0.7a
Dgraph » Dgraph » Version: 1.0.8

cpe:2.3:a:dgraph:dgraph:1.0.8
Dgraph » Dgraph » Version: 1.0.9

cpe:2.3:a:dgraph:dgraph:1.0.9
Dgraph » Dgraph » Version: 1.0.9-a

cpe:2.3:a:dgraph:dgraph:1.0.9-a
Dgraph » Dgraph » Version: 1.0.9-b

cpe:2.3:a:dgraph:dgraph:1.0.9-b
Dgraph » Dgraph » Version: 1.0.9-c

cpe:2.3:a:dgraph:dgraph:1.0.9-c
Dgraph » Dgraph » Version: 1.1.0

cpe:2.3:a:dgraph:dgraph:1.1.0
Dgraph » Dgraph » Version: 1.1.1

cpe:2.3:a:dgraph:dgraph:1.1.1
Dgraph » Dgraph » Version: 1.2.0

cpe:2.3:a:dgraph:dgraph:1.2.0
Dgraph » Dgraph » Version: 1.2.1

cpe:2.3:a:dgraph:dgraph:1.2.1
Dgraph » Dgraph » Version: 1.2.2

cpe:2.3:a:dgraph:dgraph:1.2.2
Dgraph » Dgraph » Version: 1.2.3

cpe:2.3:a:dgraph:dgraph:1.2.3
Dgraph » Dgraph » Version: 1.2.4

cpe:2.3:a:dgraph:dgraph:1.2.4
Dgraph » Dgraph » Version: 1.2.5

cpe:2.3:a:dgraph:dgraph:1.2.5
Dgraph » Dgraph » Version: 1.2.6

cpe:2.3:a:dgraph:dgraph:1.2.6
Dgraph » Dgraph » Version: 1.2.7

cpe:2.3:a:dgraph:dgraph:1.2.7
Dgraph » Dgraph » Version: 1.2.8

cpe:2.3:a:dgraph:dgraph:1.2.8
Dgraph » Dgraph » Version: 2.0.0

cpe:2.3:a:dgraph:dgraph:2.0.0
Dgraph » Dgraph » Version: 20.03.0

cpe:2.3:a:dgraph:dgraph:20.03.0
Dgraph » Dgraph » Version: 20.03.1

cpe:2.3:a:dgraph:dgraph:20.03.1
Dgraph » Dgraph » Version: 20.03.2

cpe:2.3:a:dgraph:dgraph:20.03.2
Dgraph » Dgraph » Version: 20.03.3

cpe:2.3:a:dgraph:dgraph:20.03.3
Dgraph » Dgraph » Version: 20.03.4

cpe:2.3:a:dgraph:dgraph:20.03.4
Dgraph » Dgraph » Version: 20.03.5

cpe:2.3:a:dgraph:dgraph:20.03.5
Dgraph » Dgraph » Version: 20.03.6

cpe:2.3:a:dgraph:dgraph:20.03.6
Dgraph » Dgraph » Version: 20.03.7

cpe:2.3:a:dgraph:dgraph:20.03.7
Dgraph » Dgraph » Version: 20.07.0

cpe:2.3:a:dgraph:dgraph:20.07.0
Dgraph » Dgraph » Version: 20.07.1

cpe:2.3:a:dgraph:dgraph:20.07.1
Dgraph » Dgraph » Version: 20.07.2

cpe:2.3:a:dgraph:dgraph:20.07.2
Dgraph » Dgraph » Version: 20.07.3

cpe:2.3:a:dgraph:dgraph:20.07.3
Dgraph » Dgraph » Version: 20.11.0

cpe:2.3:a:dgraph:dgraph:20.11.0
Dgraph » Dgraph » Version: 20.11.1

cpe:2.3:a:dgraph:dgraph:20.11.1
Dgraph » Dgraph » Version: 20.11.2

cpe:2.3:a:dgraph:dgraph:20.11.2
Dgraph » Dgraph » Version: 20.11.3

cpe:2.3:a:dgraph:dgraph:20.11.3
Dgraph » Dgraph » Version: 21.03.0

cpe:2.3:a:dgraph:dgraph:21.03.0
Dgraph » Dgraph » Version: 21.03.1

cpe:2.3:a:dgraph:dgraph:21.03.1
Dgraph » Dgraph » Version: 21.03.2

cpe:2.3:a:dgraph:dgraph:21.03.2
Dgraph » Dgraph » Version: 21.09.0

cpe:2.3:a:dgraph:dgraph:21.09.0
Dgraph » Dgraph » Version: 21.12.0

cpe:2.3:a:dgraph:dgraph:21.12.0
Dgraph » Dgraph » Version: 22.0.0

cpe:2.3:a:dgraph:dgraph:22.0.0
Dgraph » Dgraph » Version: 22.0.1

cpe:2.3:a:dgraph:dgraph:22.0.1
Dgraph » Dgraph » Version: 22.0.2

cpe:2.3:a:dgraph:dgraph:22.0.2
Dgraph » Dgraph » Version: 23.0.0

cpe:2.3:a:dgraph:dgraph:23.0.0
Dgraph » Dgraph » Version: 23.0.1

cpe:2.3:a:dgraph:dgraph:23.0.1
Dgraph » Dgraph » Version: 23.1.0

cpe:2.3:a:dgraph:dgraph:23.1.0
Dgraph » Dgraph » Version: 23.1.1

cpe:2.3:a:dgraph:dgraph:23.1.1
Dgraph » Dgraph » Version: 24.0.0

cpe:2.3:a:dgraph:dgraph:24.0.0
Dgraph » Dgraph » Version: 24.0.1

cpe:2.3:a:dgraph:dgraph:24.0.1
Dgraph » Dgraph » Version: 24.0.2

cpe:2.3:a:dgraph:dgraph:24.0.2
Dgraph » Dgraph » Version: 24.0.4

cpe:2.3:a:dgraph:dgraph:24.0.4
Dgraph » Dgraph » Version: 24.0.5

cpe:2.3:a:dgraph:dgraph:24.0.5
Dgraph » Dgraph » Version: 24.0.6

cpe:2.3:a:dgraph:dgraph:24.0.6
Dgraph » Dgraph » Version: 24.1.0

cpe:2.3:a:dgraph:dgraph:24.1.0
Dgraph » Dgraph » Version: 24.1.1

cpe:2.3:a:dgraph:dgraph:24.1.1
Dgraph » Dgraph » Version: 24.1.2

cpe:2.3:a:dgraph:dgraph:24.1.2
Dgraph » Dgraph » Version: 24.1.3

cpe:2.3:a:dgraph:dgraph:24.1.3
Dgraph » Dgraph » Version: 24.1.4

cpe:2.3:a:dgraph:dgraph:24.1.4
Dgraph » Dgraph » Version: 24.1.5

cpe:2.3:a:dgraph:dgraph:24.1.5
Dgraph » Dgraph » Version: 24.1.6

cpe:2.3:a:dgraph:dgraph:24.1.6
Dgraph » Dgraph » Version: 25.0.0

cpe:2.3:a:dgraph:dgraph:25.0.0
Dgraph » Dgraph » Version: 25.1.0

cpe:2.3:a:dgraph:dgraph:25.1.0
Dgraph » Dgraph » Version: 25.2.0

cpe:2.3:a:dgraph:dgraph:25.2.0
Dgraph » Dgraph » Version: 25.3.0

cpe:2.3:a:dgraph:dgraph:25.3.0
Dgraph » Dgraph » Version: 25.3.1

cpe:2.3:a:dgraph:dgraph:25.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-41492

Products

Pricing

Contact Us