CVE-2026-47206
CVSS: 2.3 (Low)
Exploitation Probability (EPSS): Low risk, 20th percentile (higher than 20% of all known CVEs)
Summary
A vulnerability in Dragonfly before version 1.39.9 allows RESP protocol injection via the redis.error_reply() function in Lua within EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients.
Risk Assessment
The main risk is response desynchronization in clients that share pooled connections: an injected frame can be paired with a later command on the same connection, so a client may process data it never requested. The advisory also notes that this could enable man-in-the-middle style manipulation at the protocol level.
Recommendation
It is recommended to immediately upgrade Dragonfly to version 1.39.9 or later, which includes a fix for this vulnerability.
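As an added example (not Dragonfly's code), the model below assumes the injection works by embedding CR/LF in the error text handed to redis.error_reply(), which the advisory does not state, and shows why a connection-pool client then pairs the wrong frames with its pipelined commands; the hardened serialiser rejects such text before it reaches the wire.

```python
# Added model, not Dragonfly's code. ASSUMPTION: the injection relies on CR/LF
# inside the error text; RESP errors and simple strings are single-line frames.
CRLF = b"\r\n"

def encode_error_unsafe(msg: str) -> bytes:
    """Error reply serialised without validation (assumed pre-fix behaviour)."""
    return b"-" + msg.encode() + CRLF

def encode_error_safe(msg: str) -> bytes:
    """Hardened serialiser: a line-oriented RESP frame must never carry CR/LF,
    otherwise the remainder is parsed by the client as a separate frame."""
    if "\r" in msg or "\n" in msg:
        raise ValueError("RESP error text must not contain CR or LF")
    return b"-" + msg.encode() + CRLF

def parse_frames(stream: bytes) -> list:
    """Minimal RESP parser for the line-oriented types used in this scenario."""
    frames, i = [], 0
    while i < len(stream):
        end = stream.index(CRLF, i)
        frames.append(stream[i:end].decode())
        i = end + 2
    return frames

def client_view(server_bytes: bytes, expected_replies: int) -> dict:
    """A pool client pairs the first N frames with its N outstanding commands;
    anything left over is consumed by the next borrower of the connection."""
    frames = parse_frames(server_bytes)
    return {"matched": frames[:expected_replies],
            "stray": frames[expected_replies:]}

def simulate(serializer) -> dict:
    """Two pipelined commands on one pooled connection: an EVAL whose Lua
    script returns redis.error_reply(<text>), followed by a PING."""
    # Constructed sample text, not taken from the advisory.
    lua_error_text = "ERR custom\r\n+OK"
    try:
        server_bytes = serializer(lua_error_text) + b"+PONG" + CRLF
    except ValueError as exc:
        return {"rejected": str(exc)}
    return client_view(server_bytes, expected_replies=2)

if __name__ == "__main__":
    # Unsafe: PING appears to answer "+OK", and "+PONG" leaks to the next user.
    print(simulate(encode_error_unsafe))
    print(simulate(encode_error_safe))
```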
Original NVD description (English source)
Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9.

