VDB
CVE-2026-27598
CVE-2026-27598
PUBLISHED
CVSS 7.099999904632568 HIGH
Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory
EPSS 0.15% · 35.5th percentile
Risk Scores
CVSS 4.0
7.099999904632568
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.15%
35.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| dagu-org | dagu | <= 1.16.7 |
| github.com | dagu-org/dagu | 0 |
| dagu | dagu | 0 |
Exploit Intelligence
- https://github.com/dagu-org/dagu/security/advisories/GHSA-6v48-fcq6-ff23 (nist-nvd)
- CIRCL seen: CVE-2026-27598 (circl-sighting)
- CIRCL seen: CVE-2026-27598 (circl-sighting)
- CIRCL seen: CVE-2026-27598 (circl-sighting)
- CIRCL seen: CVE-2026-27598 (circl-sighting)
- https://github.com/dagu-org/dagu/commit/e2ed589105d79273e4e6ac8eb31525f765bb3ce4 (circl)
Timeline
- Feb 24, 2026 CVE Published
- Feb 25, 2026 EPSS Score
- Feb 25, 2026 PoC Published
- Feb 25, 2026 PoC Published
- Feb 27, 2026 CVE Updated
- Feb 27, 2026 EPSS Score
- Feb 28, 2026 EPSS Score
- Mar 2, 2026 EPSS Score
- Mar 3, 2026 EPSS Score
- Mar 5, 2026 EPSS Score
- Mar 6, 2026 EPSS Score
- Mar 8, 2026 EPSS Score