GO-2025-3965 — Vulnetix

GO-2025-3965 PUBLISHED

Dragonfly doesn't have authentication enabled for some Manager’s endpoints in d7y.io/dragonfly

Affected Products

Vendor	Product	Versions
d7y.io	dragonfly/v2	0, 0
github.com	dragonflyoss/dragonfly	0, 0

Timeline

Sep 24, 2025 CVE Published
Mar 3, 2026 CVE Updated
May 1, 2026 Security Advisory

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›