CVE-2026-24124: Dragonfly Manager Job API Unauthenticated Access

January 22, 2026 (updated January 23, 2026)

Dragonfly Manager’s Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption.

References

github.com/advisories/GHSA-j8hf-cp34-g4j7
github.com/dragonflyoss/dragonfly
github.com/dragonflyoss/dragonfly/commit/9fb9a2dfde3100f32dc7f48eabee4c2b64eac55f
github.com/dragonflyoss/dragonfly/security/advisories/GHSA-j8hf-cp34-g4j7
nvd.nist.gov/vuln/detail/CVE-2026-24124

Code Behaviors & Features

Detect and mitigate CVE-2026-24124 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →