CVE-2026-34976— Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34976
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization
Source: NVD (National Vulnerability Database)
Vulnerability Description
Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (admin.go), making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts attacker-controlled backup source URLs (including file:// for local filesystem access), S3/MinIO credentials, encryption key file paths, and Vault credential file paths. An unauthenticated attacker can overwrite the entire database, read server-side files, and perform SSRF. This vulnerability is fixed in 25.3.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dgraph 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dgraph是Dgraph开源的一个具有图形后端的水平可扩展分布式 GraphQL 数据库。 Dgraph 25.3.1之前版本存在安全漏洞,该漏洞源于restoreTenant管理突变缺少授权中间件,可能导致未经身份验证的攻击者覆盖数据库、读取服务器端文件和执行SSRF。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2026-34976
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-34976
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: dgraph
- CVE-2026-41492
Unauthenticated Admin Token Disclosure Leading to Authentica - CVE-2026-41327
Dgraph: Pre-Auth Full Database Exfiltration via DQL Injectio - CVE-2026-41328
Dgraph: Pre-Auth Full Database Exfiltration via DQL Injectio - CVE-2026-40173
Dgraph: Unauthenticated pprof endpoint leaks admin auth toke - CVE-2023-31135
Dgraph Audit Log Encryption nonce reuse
Same vendor: dgraph-io
- CVE-2026-41492
Unauthenticated Admin Token Disclosure Leading to Authentica - CVE-2026-41327
Dgraph: Pre-Auth Full Database Exfiltration via DQL Injectio - CVE-2026-41328
Dgraph: Pre-Auth Full Database Exfiltration via DQL Injectio - CVE-2026-40173
Dgraph: Unauthenticated pprof endpoint leaks admin auth toke - CVE-2023-31135
Dgraph Audit Log Encryption nonce reuse
Same weakness: CWE-862
- CVE-2021-47932
WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthen - CVE-2025-15634
HCL BigFix WebUI is affected by a missing authorization vuln - CVE-2026-42297
Argo Workflows Is Missing Authorization in Sync ConfigMap Pr - CVE-2026-42174
Kirby: User avatar creation, replacement and deletion are no - CVE-2026-42137
Kirby: `pages.access/list` and `files.access/list` permissio
V. Comments for CVE-2026-34976
No comments yet