CVE-2025-26268

Summary

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.

Affected Software

VendorProductVersion RangeStatus
DragonflyDBDragonfly0 < 1.27.0affected

Weaknesses

  • CWE-392: CWE-392 Missing Report of Error Condition

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References