CVE-2026-54061 is a critical vulnerability in Dgraph, an open-source distributed GraphQL database. The issue allows unauthenticated network clients to access and modify database data by exploiting the external snapshot import RPCs exposed on port 9080. This can lead to data deletion and replacement. The vulnerability was patched in version 25.3.5. Organizations should prioritize patching to prevent potent [truncated]
CVE-2026-44840 is a DQL injection vulnerability in Dgraph's GraphQL database. The vulnerability exists in the `checkUserPassword` GraphQL query and allows an attacker to inject malicious DQL queries. This could lead to unauthorized data access or modifications. Users should apply patches and restrict user-supplied input. The CVE record was published on 2026-07-08T14:16:59.493Z and last modified on 2026-07 [truncated]