GO-2025-3964 — Vulnetix

GO-2025-3964 PUBLISHED

Dragonfly's directories created via os.MkdirAll are not checked for permissions in d7y.io/dragonfly

Affected Products

Vendor	Product	Versions
d7y.io	dragonfly/v2	0, 0
github.com	dragonflyoss/dragonfly	0, 0

Timeline

Sep 24, 2025 CVE Published
Mar 3, 2026 CVE Updated
May 1, 2026 Security Advisory

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›