Critical Authentication Bypass in Dgraph Database Allows Remote Takeover

Dgraph disclosed a critical authentication bypass vulnerability (CVE-2026-34976) in its administrative API that allows unauthenticated attackers to overwrite databases and read sensitive server files.

**If you are using Dgraph, this is urgent. Immediately make sure that public access to Dgraph's administration port 8080 is blocked, and add `restoreTenant` to `adminMutationMWConfig`: `"restoreTenant": gogMutMWs`.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-dgraph-database-allows-remote-takeover-a-s-2-r-4/gD2P6Ple2L

BeyondMachines