CVE Catalog

CVE-2026-47206

Severity: Low (CVSS 2.3)

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

A vulnerability in Dragonfly before version 1.39.9 allows RESP protocol injection via the redis.error_reply() function in Lua within EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients.

Risk Assessment

The risk is response desynchronization in clients that reuse pooled connections: an injected RESP message shifts the reply sequence, so a later request may be paired with the wrong response, leading to incorrect data processing or a man-in-the-middle effect at the protocol level.

Recommendation

Upgrade Dragonfly to version 1.39.9 or later without delay; that release contains the fix for this vulnerability.

Original NVD description (English source)

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS