Dragonfly mTLS Certificate Validation Vulnerability in Certificate gRPC Service

Vulnerability

A vulnerability exists in Dragonfly versions prior to 2.1.0 that allows peers to obtain valid TLS certificates for arbitrary IP addresses. This flaw undermines mutual TLS (mTLS) authentication: the Manager's Certificate gRPC service does not verify that the IP addresses in a certificate request match the IP address the requesting peer is actually connected from.
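The missing check described above, as an added Go example that is not Dragonfly's own code: the server-side validation compares every requested IP SAN with the peer's connection address before issuing anything. `CertificateRequest` is a hypothetical stand-in for the real request message, and `remoteAddr` is assumed to be the `host:port` string a gRPC handler obtains from `peer.FromContext`.

```go
package main

import (
	"fmt"
	"net"
)

// CertificateRequest is a hypothetical stand-in for the message in which a peer asks for IP SANs.
type CertificateRequest struct {
	RequestedIPs []string
}

// ValidateIPSANs rejects a certificate request unless every requested IP SAN
// equals the IP the peer is actually connecting from. remoteAddr is the
// "host:port" string a gRPC server gets from peer.FromContext(ctx).Addr.String().
// This is the check the advisory describes as missing before Dragonfly 2.1.0.
func ValidateIPSANs(remoteAddr string, req CertificateRequest) error {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return fmt.Errorf("malformed remote address %q: %w", remoteAddr, err)
	}
	peerIP := net.ParseIP(host)
	if peerIP == nil {
		return fmt.Errorf("remote address %q is not an IP literal", remoteAddr)
	}
	if len(req.RequestedIPs) == 0 {
		return fmt.Errorf("certificate request carries no IP SANs")
	}
	for _, s := range req.RequestedIPs {
		ip := net.ParseIP(s)
		if ip == nil {
			return fmt.Errorf("requested SAN %q is not a valid IP address", s)
		}
		// net.IP.Equal treats an IPv4 address and its IPv4-mapped IPv6 form
		// ("::ffff:10.0.0.5") as equal, so the alternate encoding is not a bypass.
		if !ip.Equal(peerIP) {
			return fmt.Errorf("requested SAN %s does not match peer address %s", ip, peerIP)
		}
	}
	return nil
}

func main() {
	// Constructed sample: the peer connects from 10.0.0.5 but also asks for 10.0.0.9.
	req := CertificateRequest{RequestedIPs: []string{"10.0.0.5", "10.0.0.9"}}
	fmt.Println(ValidateIPSANs("10.0.0.5:41234", req))
}
```

Behind a TCP proxy or load balancer the remote address is the proxy's, so this check is only meaningful where the peer's connection actually terminates.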

Impact

Exploitation of this vulnerability allows for the issuance of mTLS certificates for any IP address, bypassing the intended authentication mechanism.

Remediation

Users can upgrade to Dragonfly version 2.1.0 or later to address this vulnerability.

Added: Sep 17, 2025, 8:19 PM
Updated: Sep 17, 2025, 8:19 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.