CVE-2025-26269
DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.
CVE-2025-26268
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.