GO-2025-3974 — Vulnetix

GO-2025-3974 PUBLISHED

DragonFly's tiny file download uses hard coded HTTP protocol in d7y.io/dragonfly

Affected Products

Vendor	Product	Versions
github.com	dragonflyoss/dragonfly	0, 0
d7y.io	dragonfly/v2	0, 0

Timeline

Sep 24, 2025 CVE Published
Mar 3, 2026 CVE Updated
May 1, 2026 Security Advisory

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›