DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.
{
"cwe_ids": [
"CWE-191"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/26xxx/CVE-2025-26269.json",
"cna_assigner": "mitre"
}{
"cpe": "cpe:2.3:a:dragonflydb:dragonfly:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.29.0"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}