PT-2026-29969 · Dgraph · Dgraph
Kodareef5 · Published 2026-04-02 · Updated 2026-04-07 · CVE-2026-34976
CVSS v3.1: 10 Critical | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dgraph versions up to 25.3.0
Description
Dgraph is susceptible to an authentication bypass in the 'restoreTenant' admin mutation. The authorization middleware is not configured for this mutation, so its authentication checks are skipped and unauthenticated attackers can trigger a privileged restore. Because restoreTenant accepts attacker-controlled backup source URLs (including file:// for local filesystem access), S3/MinIO credentials, encryption key file paths, and Vault credential file paths, a single unauthenticated request can overwrite the entire database, disclose server-side files, and perform Server-Side Request Forgery (SSRF).
Recommendations
Update to version 25.3.1 or later to address the vulnerability. Isolate Dgraph admin endpoints from public access and restrict access to trusted IPs. Monitor and block restoreTenant requests at the network/WAF layer. Rotate exposed credentials and inspect/restore from known-good offline backups. Restrict egress to block SSRF to metadata/internal endpoints and enable centralized audit logging.
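Added example, not part of the advisory or of the Dgraph project: a request-inspection routine of the kind the WAF-layer recommendation above calls for. It assumes the usual GraphQL-over-HTTP JSON envelope ({"query", "variables"}) or a raw GraphQL body; the input/location argument names and all sample bodies are constructed for illustration, not Dgraph's real admin schema.

```python
import json
import re

# restoreTenant is the field named in the advisory; argument names and sample bodies are constructed.
RESTORE_FIELD_RE = re.compile(r"\brestoreTenant\b")
LOCAL_SOURCE_RE = re.compile(r"^\s*file:", re.IGNORECASE)
SAMPLES = {
    "restore_file": r'{"query": "mutation { restoreTenant(input: {location: \"file:///var/backups\"}) { code } }"}',
    "restore_via_variables": r'{"query": "mutation ($src: String!) { restoreTenant(input: {location: $src}) { code } }", "variables": {"src": "file:///etc"}}',
    "name_in_string": r'{"query": "query { search(term: \"restoreTenant\") { id } }"}',
}

def split_literals(query):
    """Return the document minus string literals and '#' comments, plus the literals."""
    out, literals, i, n = [], [], 0, len(query)
    while i < n:
        if query[i] == '"':
            j = i + 1
            while j < n and query[j] != '"':
                j += 2 if query[j] == "\\" else 1  # step over escaped characters
            literals.append(query[i + 1:j])
            i = j + 1
        elif query[i] == "#":
            while i < n and query[i] != "\n":
                i += 1
        else:
            out.append(query[i])
            i += 1
    return "".join(out), literals

def json_strings(value):
    """Yield every string nested anywhere in a decoded JSON value (the variables object)."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (dict, list)):
        for item in (value.values() if isinstance(value, dict) else value):
            yield from json_strings(item)

def inspect_request(body):
    """Flag a restoreTenant call (to block) and whether its backup source is a file: URL."""
    try:
        doc = json.loads(body)
        query, variables = doc["query"], doc.get("variables")
    except (ValueError, TypeError, KeyError):
        query, variables = body, None  # raw GraphQL document rather than a JSON envelope
    stripped, literals = split_literals(str(query))  # field check ignores strings and comments
    restore = RESTORE_FIELD_RE.search(stripped) is not None
    local = restore and any(LOCAL_SOURCE_RE.match(s) for s in literals + list(json_strings(variables)))
    return {"restore_tenant": restore, "local_file_source": local, "action": "block" if restore else "allow"}
```

Matching on the field name after stripping strings and comments means a commented-out call or the name inside an argument value does not trigger, while an aliased or variable-driven call still does; any restoreTenant request is blocked regardless of source, since the mutation is unauthenticated on affected versions.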
Weakness Enumeration
Missing Authorization
Affected Products
Dgraph