Dragonfly: RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer

Description

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9.

Affected Products

Vendor	Product	Versions
dragonflydb	dragonfly	< 1.38.9

References

https://github.com/dragonflydb/dragonfly/security/advisories/GHSA-h77h-c6hc-qc9h(x_refsource_CONFIRM)
https://github.com/dragonflydb/dragonfly/issues/7328(x_refsource_MISC)
https://github.com/dragonflydb/dragonfly/pull/7332(x_refsource_MISC)

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-47206 | dragonflydb dragonfly up to 1.38.8 RESP Protocol redis.error_reply escape output

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

1.39.9

CWECWE-116

PublishedJun 26, 2026

Last enriched1d agov2

Trending Score25

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (1)

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated severity to CRITICAL, added description details, and specified that the patch is available in version 1.39.9.

descriptionseveritypatchAvailable

via VulDB

v11d ago

Initial creation