Vulnerability in Dragonflydb Dragonfly

CVE-2026-47206

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages i…

Affected products

Dragonflydb Dragonfly — versions < 1.38.9

Weakness classification (CWE)

CWE-116 — Improper Encoding or Escaping of Output

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)