CVE-2026-34976
Unauthenticated SSRF and Data Overwrite in Dgraph restoreTenant
Publication date: 2026-04-06
Last updated on: 2026-04-22
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dgraph | dgraph | up to 25.3.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthenticated attackers to fully compromise the confidentiality, integrity, and availability of the Dgraph database by overwriting data, reading sensitive server-side files, performing SSRF attacks, and stealing credentials.
Such a compromise can lead to unauthorized access and disclosure of sensitive personal or protected health information, which would violate data protection requirements under standards like GDPR and HIPAA.
The lack of authentication, authorization, IP whitelisting, and audit logging on the affected mutation means that organizations using vulnerable versions of Dgraph may fail to meet compliance obligations related to access controls, data integrity, and auditability.
Can you explain this vulnerability to me?
CVE-2026-34976 is a critical vulnerability in the Dgraph distributed GraphQL database affecting versions up to 25.3.0. The issue arises because the restoreTenant admin mutation lacks any authentication or authorization middleware, unlike similar mutations that require strict checks.
This missing authorization allows unauthenticated attackers to execute the restoreTenant mutation freely, which accepts attacker-controlled inputs such as backup source URLs (including local file system access via file://), S3/MinIO credentials, encryption key file paths, and Vault credential file paths.
As a result, attackers can overwrite the entire database, read sensitive server-side files, perform server-side request forgery (SSRF) to internal services, and steal credentials by exploiting Vault-related parameters.
How can this vulnerability impact me?
This vulnerability can have severe impacts including:
- Pre-authentication database overwrite allowing attackers to replace the entire database with malicious data, compromising data integrity and availability.
- Local filesystem enumeration and reading of sensitive files on the server, leading to confidentiality breaches.
- Server-Side Request Forgery (SSRF) attacks that can target internal network services, potentially exposing sensitive cloud metadata.
- Credential theft through Vault SSRF and reading of sensitive files such as Kubernetes service account tokens and system password files, which can lead to further system compromise.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Dgraph instance is running a version prior to 25.3.1 and if the `restoreTenant` admin mutation is accessible without authentication.
You can attempt to invoke the `restoreTenant` mutation on the GraphQL admin endpoint (typically on port 8080) without any authentication to see if it executes.
For example, you can use a curl command to test the mutation:
- curl -X POST http://<dgraph-server>:8080/admin -H 'Content-Type: application/json' -d '{"query":"mutation { restoreTenant(input: { backupUrl: \"file:///etc/passwd\" }) }"}'
If the mutation executes and returns data or error messages indicating file access or backup restoration, the vulnerability is present.
Additionally, monitoring network traffic for unauthorized requests to internal IPs (e.g., 169.254.169.254) or unusual S3/MinIO endpoints can indicate exploitation attempts.
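The detection idea above, turned into a small triage script (an added example, not code from the CVE record or from the Dgraph project): it flags `restoreTenant` calls on the admin endpoint that arrive without credentials or from outside an assumed admin subnet, and inspects any backup source URL in the request for `file://` or link-local (169.254.0.0/16) targets. The record layout (`src`, `path`, `auth`, `body`) and the admin subnet are assumptions; the sample records are constructed.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import urlparse

# Constructed sample records, shaped like what a reverse proxy in front of
# the Dgraph alpha's port 8080 might log (field names are assumptions).
SAMPLE_REQUESTS = [
    {"src": "10.0.5.20", "path": "/admin", "auth": "token",
     "body": 'mutation { backup(input: {destination: "s3://backups/prod"}) }'},
    {"src": "203.0.113.7", "path": "/admin", "auth": "",
     "body": 'mutation { restoreTenant(input: { backupUrl: "file:///etc/passwd" }) }'},
    {"src": "203.0.113.7", "path": "/admin", "auth": "",
     "body": 'mutation { restoreTenant(input: { backupUrl: "http://169.254.169.254/latest/meta-data/" }) }'},
    {"src": "10.0.5.21", "path": "/graphql", "auth": "",
     "body": 'query { q(func: has(name)) { name } }'},
]

RESTORE_RE = re.compile(r"\brestoreTenant\s*\(")
URL_RE = re.compile(r"[a-z][a-z0-9+.-]*://[^\s\"')]+", re.I)
LINK_LOCAL = ip_network("169.254.0.0/16")          # cloud metadata lives here
TRUSTED_ADMIN_NETS = [ip_network("10.0.5.0/24")]   # assumption: admin subnet

def suspicious_url(url):
    """Return a reason if a backup source URL points where a restore never should."""
    parsed = urlparse(url)
    if parsed.scheme.lower() == "file":
        return "file:// source (local filesystem read)"
    try:
        if ip_address(parsed.hostname or "") in LINK_LOCAL:
            return "link-local target (cloud metadata SSRF)"
    except ValueError:          # hostname is a name, not an IP literal
        pass
    return None

def classify(rec):
    """Findings for one request record; empty list means nothing to flag."""
    findings = []
    if rec["path"] != "/admin" or not RESTORE_RE.search(rec["body"]):
        return findings
    src = ip_address(rec["src"])
    if not rec["auth"]:
        findings.append("restoreTenant without credentials")
    if not any(src in net for net in TRUSTED_ADMIN_NETS):
        findings.append(f"restoreTenant from untrusted source {src}")
    for url in URL_RE.findall(rec["body"]):
        reason = suspicious_url(url)
        if reason:
            findings.append(f"{url}: {reason}")
    return findings

def scan(records):
    """Map record index -> findings, for records that have any."""
    return {i: f for i, rec in enumerate(records) for f in [classify(rec)] if f}

if __name__ == "__main__":
    for i, f in scan(SAMPLE_REQUESTS).items():
        print(i, f)
```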
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to add the `restoreTenant` mutation to the admin mutation middleware configuration (`adminMutationMWConfig`) with the same protections as other admin mutations.
- Enforce Guardian-of-Galaxy authentication on the `restoreTenant` mutation.
- Implement IP whitelisting to restrict access to trusted sources.
- Enable audit logging for all admin mutations including `restoreTenant`.
Until a patched version (≥ 25.3.1) is available and deployed, these configuration changes are critical to prevent unauthenticated exploitation.
Additionally, restrict network access to the admin endpoint (port 8080) to trusted administrators only.