PatchSiren cyber security CVE debrief
CVE-2026-54061 dgraph-io CVE debrief
CVE-2026-54061 is a critical vulnerability in Dgraph, an open-source distributed GraphQL database. The issue allows unauthenticated network clients to access and modify database data by exploiting the external snapshot import RPCs exposed on port 9080. This can lead to data deletion and replacement. The vulnerability was patched in version 25.3.5. Organizations should prioritize patching to prevent potential data breaches. Security teams and administrators responsible for Dgraph deployments need to assess their exposure and take immediate action.
- Vendor
- dgraph-io
- Product
- dgraph
- CVSS
- CRITICAL 9.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-08
Who should care
Organizations using Dgraph versions prior to 25.3.5 should prioritize patching to prevent potential data breaches. Security teams and administrators responsible for Dgraph deployments need to assess their exposure and take immediate action. Operators and platform administrators should review the vulnerability and take necessary actions to protect their systems.
Technical summary
Dgraph Alpha exposes RPCs for external snapshot import on port 9080 without authentication or authorization. An unauthenticated client can open StreamExtSnapshot and send Badger stream data, allowing data deletion and replacement by calling Prepare() before processing the stream. The vulnerability has a critical CVSS score of 9.1, indicating a high severity vulnerability. The affected product is Dgraph, and the vulnerability is patched in version 25.3.5.
Defensive priority
High priority due to critical CVSS score of 9.1 and potential for data loss and modification.
Recommended defensive actions
- Patch Dgraph to version 25.3.5 or later
- Restrict access to port 9080
- Monitor for suspicious activity
- Inventory Dgraph deployments
- Verify patch application
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-08T14:17:06.520Z and last modified on 2026-07-08T15:28:15.630Z. The NVD entry is currently Deferred. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The CVE record provides a critical CVSS score of 9.1, indicating a high severity vulnerability.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T14:17:06.520Z and has not been modified since then. The NVD entry is currently Deferred.