CVE-2026-34976 affects all versions of Dgraph up to v25.3.0 and carries a CVSS score of 10.0. The cause is straightforward and, for that reason, particularly uncomfortable: the restoreTenant administrative mutation was omitted from the authentication middleware mapping. Not bypassed. Not misconfigured. Omitted. The function exists, the endpoint is reachable, and there is nothing in front of it asking who you are.

There is currently no patch available.

What the exposed function actually does

restoreTenant is an administrative operation that accepts external URLs as input — which is where the exposure becomes serious. An unauthenticated attacker with network access to the admin endpoint has four meaningful exploitation paths available.

The first is direct database overwriting. A malicious backup file supplied via URL can replace the existing database contents entirely. The second is local file probing — error message leakage from malformed requests reveals information about the underlying filesystem. The third is server-side request forgery, using the URL-accepting function to reach internal services that have no direct external exposure. The fourth, and most significant in cloud-native environments, is Kubernetes service account token theft. If Dgraph is running inside a Kubernetes cluster, SSRF against the metadata endpoint is a realistic path to credential access with consequences well beyond the database itself.

The attack surface scales with where Dgraph sits in your infrastructure. A misconfigured deployment with an internet-facing admin port is catastrophically exposed. An internally-facing deployment without network segmentation is only marginally better — lateral movement from any compromised internal host becomes a straightforward escalation path.

Defender actions

There is no vendor patch to apply. Until one is released, mitigation depends entirely on network and access controls.

  • Immediately audit whether Dgraph admin ports are exposed to anything beyond a strictly defined trusted network range — default admin port is 8080; treat any external reachability as a critical finding requiring same-day remediation
  • Enforce firewall rules restricting the administrative endpoint to specific trusted IPs or internal subnets only; broad internal network access is not sufficient given the SSRF risk
  • If running in Kubernetes, verify that instance metadata endpoints are not reachable from Dgraph's network namespace — this directly limits the token theft path
  • In SIEM, alert on any unexpected outbound connections originating from Dgraph processes, particularly to internal metadata services or unfamiliar external URLs
  • Review Dgraph deployment configurations for any environment where the admin endpoint is exposed as part of a load-balanced or publicly accessible service — these were likely misconfigured from initial deployment and predate this CVE
  • Track the Dgraph release channel for a patched version and treat this as a priority update the moment one is available
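As an added example (not from the advisory or from Dgraph itself), a small Python checker that applies the two network checks above to constructed flow records: admin-port reachability from outside a trusted range, and outbound connections from the dgraph process to the link-local metadata range or to anything off a backup-storage allowlist. The trusted subnet, the allowlist and every address in the sample are assumptions for this example.

```python
import ipaddress

# Constructed flow records (not real telemetry): direction src dst dst_port process
SAMPLE_FLOWS = """\
in 10.0.0.17 10.0.1.5 8080 dgraph
in 203.0.113.9 10.0.1.5 8080 dgraph
out 10.0.1.5 10.0.5.20 443 dgraph
out 10.0.1.5 169.254.169.254 80 dgraph
out 10.0.1.5 198.51.100.4 443 dgraph
out 10.0.1.5 198.51.100.4 443 sshd
"""

ADMIN_PORT = 8080                                             # Dgraph default admin port
TRUSTED_ADMIN_CIDRS = [ipaddress.ip_network("10.0.0.0/24")]   # assumed ops subnet
EGRESS_ALLOWLIST = [ipaddress.ip_network("10.0.5.0/24")]      # assumed backup storage
METADATA_RANGE = ipaddress.ip_network("169.254.0.0/16")       # link-local; cloud metadata lives here

def _in_any(ip, networks):
    return any(ip in net for net in networks)

def classify_flow(record):
    """Return an alert label for one flow record, or None when it looks benign."""
    direction, src, dst, port, proc = record.split()
    src, dst, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
    if direction == "in":
        # Check 1: the admin port must only be reachable from the trusted range
        if port == ADMIN_PORT and not _in_any(src, TRUSTED_ADMIN_CIDRS):
            return "admin_port_untrusted_source"
        return None
    # Check 2 covers only the database process's own outbound connections
    if proc != "dgraph":
        return None
    if dst in METADATA_RANGE:               # the SSRF-to-token-theft path
        return "dgraph_egress_to_metadata"
    if not _in_any(dst, EGRESS_ALLOWLIST):  # restoreTenant fetching from anywhere else
        return "dgraph_egress_not_allowlisted"
    return None

def scan(text):
    """Return (record, label) pairs for every flow that raises an alert."""
    alerts = []
    for record in filter(str.strip, text.splitlines()):
        label = classify_flow(record)
        if label:
            alerts.append((record, label))
    return alerts
```

Feed it your own flow export in the same five-field shape and tighten the two CIDR lists to match the deployment; the labels map directly onto the SIEM alerts described above.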

An omitted middleware mapping is not an exotic vulnerability class. It is a code review failure, and it produced a perfect score.
