PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54061 dgraph-io CVE debrief

CVE-2026-54061 is a critical vulnerability in Dgraph, an open-source distributed GraphQL database. The issue allows unauthenticated network clients to access and modify database data by exploiting the external snapshot import RPCs exposed on port 9080. This can lead to data deletion and replacement. The vulnerability was patched in version 25.3.5. Organizations should prioritize patching to prevent potential data breaches. Security teams and administrators responsible for Dgraph deployments need to assess their exposure and take immediate action.

Vendor
dgraph-io
Product
dgraph
CVSS
CRITICAL 9.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-08
Advisory published
2026-07-08
Advisory updated
2026-07-08

Who should care

Organizations using Dgraph versions prior to 25.3.5 should prioritize patching to prevent potential data breaches. Security teams and administrators responsible for Dgraph deployments need to assess their exposure and take immediate action. Operators and platform administrators should review the vulnerability and take necessary actions to protect their systems.

Technical summary

Dgraph Alpha exposes RPCs for external snapshot import on port 9080 without authentication or authorization. An unauthenticated client can open StreamExtSnapshot and send Badger stream data, allowing data deletion and replacement by calling Prepare() before processing the stream. The vulnerability has a critical CVSS score of 9.1, indicating a high severity vulnerability. The affected product is Dgraph, and the vulnerability is patched in version 25.3.5.

Defensive priority

High priority due to critical CVSS score of 9.1 and potential for data loss and modification.

Recommended defensive actions

  • Patch Dgraph to version 25.3.5 or later
  • Restrict access to port 9080
  • Monitor for suspicious activity
  • Inventory Dgraph deployments
  • Verify patch application
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-08T14:17:06.520Z and last modified on 2026-07-08T15:28:15.630Z. The NVD entry is currently Deferred. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The CVE record provides a critical CVSS score of 9.1, indicating a high severity vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T14:17:06.520Z and has not been modified since then. The NVD entry is currently Deferred.