VDB
CVE-2026-33344
CVE-2026-33344
PUBLISHED
CVSS 8.100000381469727 HIGH
Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG
EPSS 0.03% · 9.5th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.03%
9.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| dagu-org | dagu | >= 2.0.0, < 2.3.1, >= 2.0.0, < 2.3.1, * |
| github.com | dagu-org/dagu | 1.30.4-0.20260221021317-e2ed589105d7, 1.30.4-0.20260221021317-e2ed589105d7, 1.30.4-0.20260221021317-e2ed589105d7 |
| dagu | dagu | 2.0.0, 2.0.0, 2.0.0 |
Exploit Intelligence
- https://github.com/dagu-org/dagu/security/advisories/GHSA-ph8x-4jfv-v9v8 (nist-nvd)
- CIRCL seen: CVE-2026-33344 (circl-sighting)
- CIRCL seen: CVE-2026-33344 (circl-sighting)
- https://github.com/dagu-org/dagu/commit/7d07fda8f9de3ae73dfb081ccd0639f8059c56bb (circl)
Timeline
- Mar 19, 2026 CVE Published
- Mar 20, 2026 Security Advisory
- Mar 24, 2026 PoC Published
- Mar 25, 2026 EPSS Score
- Mar 27, 2026 CVE Updated
- Mar 28, 2026 PoC Published
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score