Critical CVSS 10.0 RCE Vulnerability CVE-2026-34976 in Dgraph Distributed Database
Summary
A maximum-severity (CVSS 10.0) remote code execution vulnerability has been disclosed in Dgraph, an open-source distributed GraphQL database used widely in production environments. The flaw allows unauthenticated remote attackers to execute arbitrary code on systems running versions prior to 25.3.1.
Threat Analysis
CVE-2026-34976 is a critical remote code execution vulnerability in Dgraph, an open-source distributed GraphQL database, affecting versions prior to 25.3.1. It carries the maximum CVSS score of 10.0 and allows unauthenticated remote attackers to execute arbitrary code on affected Dgraph instances. Dgraph is widely deployed in production environments for high-performance graph data workloads, which makes the vulnerability particularly impactful for organizations that rely on it for data-intensive applications. The vulnerability was published on April 6-7, 2026, and organizations should treat it as a critical priority for immediate remediation.

Recommended mitigations: upgrade Dgraph to version 25.3.1 or later immediately, restrict network access to Dgraph instances to trusted sources only, implement firewall rules to block unauthorized access to Dgraph ports, and audit Dgraph deployments for signs of compromise.