Summary
Dgraph disclosed a critical authentication bypass vulnerability (CVE-2026-34976) in its administrative API that allows unauthenticated attackers to overwrite databases and read sensitive server files.
Take Action:
If you are using Dgraph, this is urgent. Immediately make sure that public access to Dgraph's administration port 8080 is blocked, and add restoreTenant to adminMutationMWConfig: "restoreTenant": gogMutMWs.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)