CVE-2025-26268

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-26268

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-26268.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-26268

Published

2025-04-17T18:15:48.870Z

Modified

2026-04-12T15:44:29.853638Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.

References

Affected packages

Git / github.com/dragonflydb/dragonfly

Affected ranges

Type

GIT

Repo

https://github.com/dragonflydb/dragonfly

Events

Introduced

Fixed

a371609e839beaf7d2d1f826dd17f7b2d296c24b

Fixed

d1fac0f912edb323a2bdd6404c518cda21eac243

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.27.0"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.13.1

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.2.0

v0.3.0

v0.3.0-alpha

v0.3.1

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.9.0

v0.9.1

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.19.0

v1.2.0

v1.2.1

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.26.0

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.7.1

v1.8.0

v1.9.0

w0.*

w0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-26268.json"

vanir_signatures_modified

"2026-04-12T15:44:29Z"

vanir_signatures

[
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/dragonflydb/dragonfly/commit/a371609e839beaf7d2d1f826dd17f7b2d296c24b",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "108567753495304851119424529408164175689",
                "267865825301814108049608044796632498096",
                "44082964338215350289100926772688977278",
                "117995951027024819298477577063835040144",
                "67226077546091028140284154231135404141",
                "18429231869476542943509878641608495414",
                "164953853649305531134721207782694936769",
                "129436988819929746469054130878554791792",
                "238110049038862402048446757714858172898",
                "324023988138416576041352778220516243733",
                "273219761584117574042448676132823407745",
                "20739129928232773173674562298025272858",
                "256073978055593495885322087639149609625",
                "15405918832630030620420378204265614531",
                "187097057733363296365332822319570576689",
                "113625196006622977125140814802924974091",
                "223424282330258191137710503282540932708"
            ]
        },
        "id": "CVE-2025-26268-1c8e2ddc",
        "deprecated": false,
        "target": {
            "file": "src/server/generic_family.cc"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/dragonflydb/dragonfly/commit/d1fac0f912edb323a2bdd6404c518cda21eac243",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "38608814269422163303963563423712842560",
                "123985790265266215921952321763995268651",
                "59936434886196983884123315146924329109",
                "166148023669594545505133903311252725543"
            ]
        },
        "id": "CVE-2025-26268-361adaab",
        "deprecated": false,
        "target": {
            "file": "src/server/script_mgr.cc"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/dragonflydb/dragonfly/commit/d1fac0f912edb323a2bdd6404c518cda21eac243",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "79472618277450543657091118225735845546"
            ]
        },
        "id": "CVE-2025-26268-5642b2bc",
        "deprecated": false,
        "target": {
            "file": "src/server/generic_family_test.cc"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/dragonflydb/dragonfly/commit/a371609e839beaf7d2d1f826dd17f7b2d296c24b",
        "digest": {
            "function_hash": "78185970870011011555495660758933100329",
            "length": 248.0
        },
        "id": "CVE-2025-26268-71221ac3",
        "deprecated": false,
        "target": {
            "file": "src/server/generic_family.cc",
            "function": "RestoreArgs::UpdateExpiration"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/dragonflydb/dragonfly/commit/a371609e839beaf7d2d1f826dd17f7b2d296c24b",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "288305708684971115412083624090968874896",
                "151712554487035968701171058643367774600",
                "28371767349549044149463529681754183360"
            ]
        },
        "id": "CVE-2025-26268-742ddff5",
        "deprecated": false,
        "target": {
            "file": "src/server/string_family_test.cc"
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/dragonflydb/dragonfly/commit/d1fac0f912edb323a2bdd6404c518cda21eac243",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "165218057215288258406726891608523846466",
                "258417460397105187917462991080684005877",
                "67707046302037535467586628600009906407",
                "208787143625106132163095809419824693260",
                "4305417185513990394734888699731599729",
                "39008453092391166666686721255350508376",
                "102969634230896874135111470551752010739"
            ]
        },
        "id": "CVE-2025-26268-c36c7e79",
        "deprecated": false,
        "target": {
            "file": "src/core/dash.h"
        }
    }
]