CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-54061

criticalCVSS 9.1covered by 1 sourcefirst seen 2026-07-08
Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import on the public gRPC port :9080 without authentication or authorization. As a result, an unauthenticated network client can open StreamExtSnapshot and send Badger stream data to the target group’s store. In addition, the receiver calls Prepare() before processing the stream. This operation deletes and replaces the existing DB data. Version 25.3.5 patches the issue.

⚡ Watch CVE-2026-54061

Get an email if CVE-2026-54061 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-54061

CVE.org record

Embed the live status

CVE-2026-54061 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-54061 status](https://www.csirts.com/badge/CVE-2026-54061)](https://www.csirts.com/cve/CVE-2026-54061)