Dagu-org Dagu
4 CVEs affecting Dagu-org Dagu. Latest disclosed: 2026-03-24. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-31886 | Critical | 9.1 | 2026-03-13 | Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is pass… |
CVE-2026-33344 | High | 8.1 | 2026-03-24 | Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to C… |
CVE-2026-31882 | High | 7.5 | 2026-03-13 | Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGU_AUTH_MODE=basic), al… |
CVE-2026-27598 | | 2026-02-25 | Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the `CreateNewDAG` API endpoint (`POST /api/v1/dags`) doe… |