NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-47206

Summary	Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9.
Publication Date	June 27, 2026, 3:16 a.m.
Registration Date	June 27, 2026, 4:35 a.m.
Last Update	June 27, 2026, 3:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/dragonflydb/dragonfly/issues/7328	security-advisories@github.com
2	https://github.com/dragonflydb/dragonfly/pull/7332	security-advisories@github.com
3	https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-h77h-c6hc-qc9h	security-advisories@github.com
4	https://github.com/dragonflydb/dragonfly/issues/7328	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-116	不適切なエンコード、または出力のエスケープ	https://cwe.mitre.org/data/definitions/116.html