Missing Report of Error Condition

CVE-2025-26268

Low

3.3/10

Summary

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-392 - Missing Report of Error Condition

The software encounters an error but does not provide a status code or return value to indicate that an error has occurred.

References

Advisory Timeline

Published Apr 17, 2025

Missing Report of Error Condition

CVE-2025-26268

Summary

CWE-392 - Missing Report of Error Condition

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS