CVE-2025-26268

Name of the Vulnerable Software and Affected Versions DragonflyDB Dragonfly versions prior to 1.27.0

Description The issue allows authenticated users to cause a denial of service, resulting in a daemon crash, by sending a crafted Redis command. The problem stems from the lack of validation of the scan cursor's validity.

Recommendations For versions prior to 1.27.0, update to version 1.27.0 or later to resolve the issue. As a temporary workaround, consider restricting access to Redis commands to minimize the risk of exploitation.