Browse all 4 CVE security advisories affecting dagu-org. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Dagu-org develops workflow orchestration tools for data pipeline automation, primarily serving data engineering teams. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and access control flaws. While no major public security incidents have been widely documented, the four recorded CVEs highlight recurring issues in authentication mechanisms and insecure deserialization. Their security posture appears typical for open-source data tools, with vulnerabilities typically addressed through timely patch releases but lacking comprehensive security documentation or proactive vulnerability disclosure programs.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33344 | Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG — daguCWE-22 | 8.1 | High | 2026-03-24 |
| CVE-2026-31886 | Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution — daguCWE-22 | 9.1 | Critical | 2026-03-13 |
| CVE-2026-31882 | Dagu SSE Authentication Bypass in Basic Auth Mode — daguCWE-306 | 7.5 | High | 2026-03-13 |
| CVE-2026-27598 | Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory — daguCWE-22 | 8.8 | - | 2026-02-25 |
This page lists every published CVE security advisory associated with dagu-org. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.