Key Vulnerability Information

CVE ID: CVE-2026-27598
Severity: Low
Affected Package: github.com/dagu-org/dagu (Go)
Affected Versions: <= 1.16.7
Patched Versions: None

Description

The API endpoint ( ) does not validate the DAG name before passing it to the file store. This allows an attacker to bypass the directory structure and write arbitrary YAML files outside the DAGs directory.

Affected Code

- Line 120-170: handler does not call .
- Line 493-498: resolves absolute paths when the name contains separators.
- Line 213: calls and writes attacker-controlled YAML content to the resolved path.

PoC

After this request, a file will be created with the attacker-supplied content. The file is written with the permissions of the process.

Potential Impact

An authenticated user with DAG write permissions can write arbitrary YAML files anywhere on the filesystem. This can lead to remote code execution if a malicious DAG is written to the DAGs directory of another instance or config files are overwritten.
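
The missing check described under Description, sketched as an added example; this is not dagu's code or its fix. The helper `SafeDAGPath`, the `validName` allow-list policy and the base directory `/var/lib/dags` are assumptions chosen for illustration. It validates the client-supplied name before any path is built, then confirms the resolved path still sits under the DAGs directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// ErrInvalidName is returned for any name that fails validation.
var ErrInvalidName = errors.New("invalid DAG name")

// validName is an assumed allow-list policy: letters, digits, '.', '_' and '-'.
// Path separators never match, so a name cannot carry directory components.
var validName = regexp.MustCompile(`^[A-Za-z0-9._-]{1,128}$`)

// SafeDAGPath (hypothetical helper) maps a client-supplied DAG name to a file
// path under baseDir and rejects names that could resolve outside of it.
func SafeDAGPath(baseDir, name string) (string, error) {
	// Reject separators, empty names and dot-only names such as "." and "..".
	if !validName.MatchString(name) || strings.Trim(name, ".") == "" {
		return "", fmt.Errorf("%w: %q", ErrInvalidName, name)
	}
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(base, name+".yaml")
	// Defence in depth: after joining, the path relative to base must not climb out.
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q escapes %s", ErrInvalidName, name, base)
	}
	return target, nil
}

func main() {
	// Constructed sample names: one legitimate, the rest must be refused.
	for _, n := range []string{"nightly-etl", "../../tmp/x", "/tmp/x", "a/b", ".."} {
		p, err := SafeDAGPath("/var/lib/dags", n)
		fmt.Printf("%-16q path=%q err=%v\n", n, p, err)
	}
}
```

The handler should call a check like this before the name reaches the file store, and the file store should repeat the containment test so that a caller that skips validation still cannot write outside the DAGs directory.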