What is CVE-2026-33344?

CVE-2026-33344 is a high-severity vulnerability in Dagu-org Dagu, classified under Path Traversal. CVSS score: 8.1/10. Published 2026-03-24.

How severe is CVE-2026-33344?

High severity. CVSS v3 base score is 8.1 out of 10.

Path Traversal in Dagu-org Dagu

CVE-2026-33344

Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.000 (9.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Dagu-org Dagu — versions >= 2.0.0, < 2.3.1

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/dagu-org/dagu/security/advisories/GHSA-ph8x-4jfv-v9v8 (x_refsource_CONFIRM)
https://github.com/dagu-org/dagu/commit/7d07fda8f9de3ae73dfb081ccd0639f8059c56bb (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-33344?: CVE-2026-33344 is a high-severity vulnerability in Dagu-org Dagu, classified under Path Traversal. CVSS score: 8.1/10. Published 2026-03-24.
How severe is CVE-2026-33344?: High severity. CVSS v3 base score is 8.1 out of 10.