CVE-2026-34976 - Vulnerability Analysis
Critical | CVSS: 10.0 | Last Updated: April 6, 2026
Dgraph - Authentication Bypass
Published: April 6, 2026 | Updated: April 6, 2026 | Remote Exploitable
Overview
Dgraph < 25.3.1 contains an authentication bypass caused by missing authorization middleware for the restoreTenant admin mutation. This lets unauthenticated attackers overwrite the database, read files, and perform SSRF. Exploitation requires no authentication.
Severity & Score
Severity: Critical
CVSS Score: 10.0
Impact
Unauthenticated attackers can overwrite the database, read server files, and perform SSRF, leading to full data compromise and server access.
Mitigation
Update to version 25.3.1 or later.
Details
- CVE ID: CVE-2026-34976
- Severity: Critical
- CVSS Score: 10.0
- Type: broken_access_control
- Status: new
CWE
- CWE-862
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H