CVE-2026-54341: Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack col
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command — a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0.
Details
Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-54341
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-543410.40% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 32% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-54341 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for Dragonfly is an
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- mediumGHSA-chwm-m7g7-685g: Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost …ghsa · 2026-07-06
- lowGHSA-4q9j-6299-gxmr: Dragonfly Manager OAuth provider client_secret disclosure via unauthenticated GET /api/v1…ghsa · 2026-07-02
- unknownCVE-2026-47206: Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, …nvd · 2026-06-26
More from NVD Recent CVEs
- mediumCVE-2026-15485: A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub…2026-07-12
- highCVE-2026-15484: A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the funct…2026-07-12
- highCVE-2026-15483: A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the fun…2026-07-12
- highCVE-2026-15482: A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown …2026-07-12
- highCVE-2026-15481: A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability a…2026-07-12