CVE-2025-26268

LOW

Published Apr 17, 2025 Modified Apr 25, 2025 CWE-392

Description

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.

CVSS v3.1 Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Weakness Type (CWE)

CWE-392 CWE-392

Affected Products

Vendor	Product	Versions
dragonflydb	dragonfly	< 1.27.0

References

Advisories & Patches

https://github.com/dragonflydb/dragonfly/commit/d1fac0f912edb323a2bdd6404c518cda21eac243 https://github.com/dragonflydb/dragonfly/compare/v1.26.4...v1.27.0

Exploits

https://github.com/dragonflydb/dragonfly/issues/4466 https://github.com/dragonflydb/dragonfly/issues/4466

Frequently Asked Questions

What is CVE-2025-26268? +

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked. It has a CVSS v3.1 base score of 3.3 (LOW).

How severe is CVE-2025-26268? +

CVE-2025-26268 has a CVSS v3.1 score of 3.3 out of 10, rated LOW. This is a low-severity vulnerability with limited impact.

What products are affected by CVE-2025-26268? +

CVE-2025-26268 affects products from dragonflydb, specifically: dragonfly. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-26268? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a …

CVE-2025-32743 9.0

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the …

CVE-2024-39697 8.6

phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic …

CVE-2025-23270 7.1

NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive …

CVE-2024-12797 6.3

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server …

CVE-2025-59398 3.1

The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 …

Quick Facts

CVSS Score: 3.3
Severity: LOW
Published: Apr 17, 2025

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2025-26268.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →