Understanding and Defending Against CVE-2026-54061: Unauthenticated Snapshot Import Vulnerability in Dgraph
CVE-2026-54061 is a critical vulnerability in Dgraph, an open-source distributed GraphQL database. The vulnerability exposes the RPCs used for external snapshot import on the public gRPC port without authentication or authorization, allowing an unauthenticated network client to delete and replace existing DB data. This analysis provides an in-depth look at the vulnerability, its exploitation mechanics, and defensive strategies.