CVE-2026-54341
Deferred Deferred - Pending Action

DragonflyDB Out-of-Bounds Read in RESTORE Command

Vulnerability report for CVE-2026-54341, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: GitHub, Inc.

Description

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command β€” a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-17
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
dragonflydb dragonfly to 1.39.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-54341 is a vulnerability in DragonflyDB where a specially crafted RESTORE command can cause the server to crash. This happens because the RESTORE operation only superficially checks the integrity of the payload, allowing an attacker to send a malformed listpack with an entry that declares an excessively large length but contains no actual data. When the server processes this entry, it reads beyond the allocated memory, causing a segmentation fault (SIGSEGV) and crashing the entire server process.

The attack is remote, unauthenticated, and repeatable, requiring only a single approximately 24-byte command to exploit. It affects all default configurations and all versions of DragonflyDB prior to 1.39.0. The vulnerability was fixed in version 1.39.0 by introducing deep integrity validation for RESTORE operations, which rejects malformed payloads instead of processing them.

Detection Guidance

This vulnerability is triggered by sending a crafted RESTORE command with a malformed payload to the DragonflyDB server, causing it to crash due to an out-of-bounds read.

Because the attack involves a specific ~24-byte RESTORE command payload that causes a segmentation fault (SIGSEGV), detection can focus on monitoring for unexpected server crashes or segmentation faults in DragonflyDB logs.

There are no operator-side mitigations or specific detection commands provided in the resources. However, you can monitor the DragonflyDB server process for crashes and check logs for SIGSEGV signals.

To test if your server is vulnerable, you could attempt to send a crafted RESTORE command with a malformed payload similar to the exploit payload described, but this requires crafting a specific payload that triggers the out-of-bounds read.

Since RESTORE is a normal keyspace command and unauthenticated by default, you can use a Redis-compatible client to send a RESTORE command with a crafted payload to test for vulnerability, but no exact command examples are provided.

The recommended mitigation is to upgrade to DragonflyDB version 1.39.0 or later, which includes deep integrity validation preventing this crash.

Impact Analysis

This vulnerability allows an unauthenticated remote attacker to crash the DragonflyDB server by sending a single crafted RESTORE command. The impact is a remote, repeatable denial of service (DoS), causing the entire server process to terminate unexpectedly.

Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, any attacker with network access to the server can exploit this vulnerability without credentials. Additionally, the vulnerability can also crash replication replicas if the malicious payload is sent from a master, potentially disrupting replication and availability.

There are no operator-side mitigations other than upgrading to version 1.39.0 or later, which implements deep validation to prevent such crashes.

Compliance Impact

CVE-2026-54341 is a remote, unauthenticated denial of service vulnerability in DragonflyDB that allows an attacker to crash the server by sending a crafted RESTORE payload. This vulnerability causes availability issues by crashing the entire server process.

While the vulnerability impacts server availability, there is no information provided about data confidentiality or integrity breaches, nor about exposure of personal or sensitive data.

Therefore, the vulnerability primarily affects the availability aspect of systems using DragonflyDB, which could have indirect implications for compliance with standards like GDPR or HIPAA that require maintaining system availability and reliability.

However, no explicit details are given about direct compliance violations or regulatory impacts in the provided information.

Mitigation Strategies

The vulnerability can be mitigated by upgrading DragonflyDB to version 1.39.0 or later.

The fix in version 1.39.0 introduces deep integrity validation for RESTORE operations, which prevents crashes by rejecting malformed payloads instead of processing them.

No operator-side mitigation exists other than upgrading, as the vulnerability allows unauthenticated remote attackers to crash the server with a single crafted RESTORE command.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54341. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart