Key Vulnerability Information

CVE ID: CVE-2026-24124
Critical: Yes
Affected Versions: <v2.4.1
Patched Version: v2.4.1

Summary

Dragonfly Manager's job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs. This can lead to resource exhaustion, information disclosure, and service disruption.

Vulnerability Details

Affected Endpoints:

Technical Root Cause: Missing JWT authentication middleware in the routing configuration.

Exploitation Steps: Detailed steps to exploit the vulnerability are provided, including creating and modifying jobs.

Proof of Concept: Includes environment setup, exploitation steps, and an automated POC script.

Impact Analysis

Direct Impact:
- Unauthorized job management
- Information disclosure
- Service disruption
- Resource exhaustion

Potential Attack Scenarios:
- Resource exhaustion attack
- SSRF risk
- Business logic disruption

Remediation

Recommended Fix: Add authentication and authorization middleware to the Job API.

Temporary Mitigation: Network isolation, API gateway, monitoring and alerting.

Verify Fix: After the fix, unauthenticated requests should return 401 Unauthorized.
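The root cause and the fix-verification step above can be shown together in a small Go program. This is an added example, not Dragonfly's own code: it assumes a hypothetical job route at /api/v1/jobs (the advisory does not list the real endpoints), a stand-in handler, and an HS256 JWT check built from the standard library. The router is constructed once without the middleware (the vulnerable shape described in the root cause) and once with it, and a probe function returns the HTTP status so the "unauthenticated requests should return 401 Unauthorized" check can be asserted rather than eyeballed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// jwtSecret is a constructed value for this example only.
var jwtSecret = []byte("example-secret-do-not-use")

// verifyHS256 checks a compact JWT (header.payload.signature) signed with
// HS256: constant-time signature comparison, then the exp claim against now.
func verifyHS256(token string, secret []byte, now time.Time) bool {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return false
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return false
	}
	var claims struct {
		Exp int64 `json:"exp"`
	}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return false
	}
	return claims.Exp > now.Unix()
}

// signHS256 mints a token so the accept path can be exercised locally.
func signHS256(exp int64, secret []byte) string {
	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	payloadJSON, _ := json.Marshal(map[string]int64{"exp": exp})
	payload := base64.RawURLEncoding.EncodeToString(payloadJSON)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(header + "." + payload))
	return header + "." + payload + "." + base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// requireJWT is the middleware the advisory says was missing: any request
// without a valid bearer token is rejected with 401 before reaching the handler.
func requireJWT(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		token := strings.TrimPrefix(auth, "Bearer ")
		if !strings.HasPrefix(auth, "Bearer ") || !verifyHS256(token, jwtSecret, time.Now()) {
			w.Header().Set("WWW-Authenticate", "Bearer")
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// jobsHandler is a hypothetical stand-in for the job API handler.
func jobsHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	w.Write([]byte(`{"jobs":[]}`))
}

// newRouter wires the job route with or without the auth middleware.
func newRouter(protected bool) http.Handler {
	mux := http.NewServeMux()
	var h http.Handler = http.HandlerFunc(jobsHandler)
	if protected {
		h = requireJWT(h)
	}
	mux.Handle("/api/v1/jobs", h) // hypothetical path
	return mux
}

// probeJobs is the fix-verification check: it returns the status code the
// route gives for the supplied method and (possibly empty) bearer token.
func probeJobs(router http.Handler, method, token string) int {
	req := httptest.NewRequest(method, "/api/v1/jobs", nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	router.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("unprotected, no token:", probeJobs(newRouter(false), "GET", ""))
	fmt.Println("protected, no token:  ", probeJobs(newRouter(true), "GET", ""))
	good := signHS256(time.Now().Add(time.Hour).Unix(), jwtSecret)
	fmt.Println("protected, valid:     ", probeJobs(newRouter(true), "GET", good))
}
```

The same probe run against a real deployment (with the real endpoint paths substituted) is the practical form of the Verify Fix step: every job endpoint and every method should answer 401 without a token, and the middleware must be applied to the whole route group rather than per handler so a newly added endpoint cannot silently reopen the gap.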