CVE-2026-33344
- EPSS 0.02%
- Veröffentlicht 24.03.2026 19:23:56
- Zuletzt bearbeitet 26.03.2026 13:03:13
Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path...
CVE-2026-31886
- EPSS 0.15%
- Veröffentlicht 13.03.2026 19:32:09
- Zuletzt bearbeitet 18.03.2026 15:24:15
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format v...
CVE-2026-31882
- EPSS 0.25%
- Veröffentlicht 13.03.2026 19:28:25
- Zuletzt bearbeitet 18.03.2026 20:14:20
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGU_AUTH_MODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows un...
CVE-2026-27598
- EPSS 0.13%
- Veröffentlicht 25.02.2026 00:27:40
- Zuletzt bearbeitet 25.02.2026 20:23:36
Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the `CreateNewDAG` API endpoint (`POST /api/v1/dags`) does not validate the DAG name before passing it to the file store. An authenticated user with...