Dragonfly — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in Dragonfly, with AI-generated Chinese analysis, references, and POCs.

Vendor: HyperaDev

CVE ID	Title	CVSS	Severity	Published
CVE-2026-24124	Dragonfly Manager Job API Allows Unauthenticated Access CWE-306	9.8	-	2026-01-22
CVE-2025-59410	Dragonfly tiny file download uses hard coded HTTP protocol CWE-311	5.9^AI	Medium^AI	2025-09-17
CVE-2025-59354	Dragonfly has weak integrity checks for downloaded files CWE-328	6.5^AI	Medium^AI	2025-09-17
CVE-2025-59353	Manager generates mTLS certificates for arbitrary IP addresses CWE-295	6.5^AI	Medium^AI	2025-09-17
CVE-2025-59352	Dragonfly allows arbitrary file read and write on a peer machine CWE-202	8.8^AI	High^AI	2025-09-17
CVE-2025-59351	Dragonfly possibly panics due to nil pointer dereference when using variables created alongside an error CWE-476	7.5^AI	High^AI	2025-09-17
CVE-2025-59350	Timing attacks against Proxy’s basic authentication are possible CWE-208	5.9^AI	Medium^AI	2025-09-17
CVE-2025-59349	Directories created via os.MkdirAll are not checked for permissions CWE-732	3.3^AI	Low^AI	2025-09-17
CVE-2025-59348	Dragonfly incorrectly handles a task structure’s usedTraffic field CWE-457	7.5^AI	High^AI	2025-09-17
CVE-2025-59347	Dragonfly Manager makes requests to external endpoints with disabled TLS authentication CWE-295	7.4^AI	High^AI	2025-09-17
CVE-2025-59346	Dragonfly server-side request forgery vulnerability CWE-918	4.6^AI	Medium^AI	2025-09-17
CVE-2025-59345	Dragonfly did not enable authentication for some Manager’s endpoints CWE-306	9.1^AI	Critical^AI	2025-09-17
CVE-2025-52935	Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly CWE-190	8.4^AI	High^AI	2025-06-23
CVE-2025-26269	Dragonfly 安全漏洞 CWE-191	3.3	Low	2025-04-17
CVE-2025-26268	Dragonfly 安全漏洞 CWE-392	3.3	Low	2025-04-17
CVE-2022-41967	Improper Restriction of XML External Entity Reference in Dragonfly CWE-611	7.0	High	2022-12-27

All 16 known CVE vulnerabilities affecting Dragonfly with full Chinese analysis, references, and POCs where available.