Home / Vulnerability Intelligence / CVE-2026-41492

CVE-2026-41492 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 24, 2026

Dgraph - Information Disclosure

Published: April 24, 2026Updated: April 24, 2026Remote Exploitable

Overview

Dgraph < 25.3.3 contains an information disclosure caused by unauthenticated access to /debug/vars endpoint exposing process command line, letting unauthenticated attackers retrieve admin tokens and access admin-only endpoints, exploit requires no authentication.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Unauthenticated attackers can retrieve admin tokens and access admin-only endpoints, leading to full administrative control.

Mitigation

Update to version 25.3.3 or later.

References

https://github.com/dgraph-io/dgraph/releases/tag/v25.3.3
https://github.com/dgraph-io/dgraph/security/advisories/GHSA-vvf7-6rmr-m29q

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-41492
Severity: Critical
CVSS Score: 9.8
Type: information_disclosure
Status: new

CWE

CWE-200

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H