Dragonfly
cpe:2.3:a:dragonfly_project:dragonfly:*:*:*:*:ruby:*:*
- < 2.1.0
A denial-of-service vulnerability has been identified in Dragonfly, an open-source P2P-based file distribution and image acceleration system, in versions prior to 2.1.0. The issue arises because the /api/v1/jobs and /preheats endpoints in the Manager web UI can be accessed without authentication. This allows any user with network access to the Manager to create, delete, and modify jobs, as well as initiate preheat jobs. An unauthenticated adversary can exploit this by using the /api/v1/jobs endpoint to generate hundreds of unnecessary jobs, causing the Manager to enter a denial-of-service state where it stops processing requests from legitimate administrators.
Exploitation of this vulnerability leads to a denial-of-service condition on the Manager, causing it to cease accepting requests from valid administrators.
Users can upgrade to Dragonfly version 2.1.0 or later to address this vulnerability.
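Until the upgrade is rolled out, an operator can watch the Manager's access logs for the pattern the advisory describes: unauthenticated write requests to /api/v1/jobs and /preheats, and a single client creating jobs in bursts. The script below is an added example written for this record; it is not code from the Dragonfly project, and it parses a constructed log line format (timestamp, client, method, path, status, auth flag) rather than Dragonfly's real log output, which you would adapt the regex to.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Endpoints the advisory names as reachable without authentication in Manager < 2.1.0.
JOB_ENDPOINTS = ("/api/v1/jobs", "/preheats")
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Assumed line format (constructed for this example, not Dragonfly's own log layout):
#   <ISO-8601 timestamp> <client_ip> <method> <path> <status> auth=<yes|no>
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) auth=(yes|no)$")


def parse_line(line):
    """Return a dict for one access-log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, path, status, auth = m.groups()
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "method": method.upper(),
        "path": path,
        "status": int(status),
        "authenticated": auth == "yes",
    }


def unauthenticated_writes(lines):
    """All job/preheat write requests that carried no authentication."""
    hits = []
    for ev in (parse_line(l) for l in lines):
        if ev is None:
            continue
        if ev["path"].startswith(JOB_ENDPOINTS) and ev["method"] in WRITE_METHODS and not ev["authenticated"]:
            hits.append(ev)
    return hits


def find_bursts(lines, window_seconds=60, threshold=20):
    """Flag (client, endpoint) pairs that issue >= threshold writes inside any sliding window."""
    groups = defaultdict(list)
    for ev in (parse_line(l) for l in lines):
        if ev and ev["path"].startswith(JOB_ENDPOINTS) and ev["method"] in WRITE_METHODS:
            groups[(ev["client"], ev["path"])].append(ev["ts"])
    alerts = []
    window = timedelta(seconds=window_seconds)
    for (client, path), times in groups.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it is within window_seconds of t.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({"client": client, "path": path, "requests_in_window": peak})
    return alerts


def constructed_sample_log():
    """Constructed sample: one admin using the API normally, one client flooding job creation."""
    base = datetime(2023, 6, 1, 12, 0, 0)
    lines = []
    for i, method in enumerate(("GET", "POST", "GET")):
        ts = (base + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{ts} 192.0.2.10 {method} /api/v1/jobs 200 auth=yes")
    for i in range(40):  # 40 job creations in under 30 seconds, no credentials
        ts = (base + timedelta(seconds=i * 0.75)).isoformat()
        lines.append(f"{ts} 198.51.100.7 POST /api/v1/jobs 200 auth=no")
    ts = (base + timedelta(seconds=45)).isoformat()
    lines.append(f"{ts} 198.51.100.7 POST /preheats 200 auth=no")
    return lines


if __name__ == "__main__":
    sample = constructed_sample_log()
    print(f"unauthenticated job/preheat writes: {len(unauthenticated_writes(sample))}")
    for alert in find_bursts(sample):
        print(f"burst: {alert['client']} -> {alert['path']} ({alert['requests_in_window']} writes/60s)")
```

On a patched Manager (2.1.0 or later) the `auth=no` writes should disappear from the first check entirely, so any remaining hit is worth investigating; the burst threshold is a tuning knob that depends on how many jobs legitimate automation creates per minute.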