
CVE-2026-27598: Dagu Workflow Engine RCE Vulnerability

CVE-2026-27598 is a remote code execution flaw in the Dagu workflow engine that allows authenticated attackers to write malicious files and execute arbitrary commands. This article covers technical details, affected versions, and fixes.

Published: February 27, 2026

CVE-2026-27598 Overview

CVE-2026-27598 is a path traversal vulnerability affecting Dagu, an open-source workflow engine with a built-in web user interface. The vulnerability exists in the CreateNewDAG API endpoint (POST /api/v1/dags), which fails to properly validate DAG names before passing them to the file store. This allows authenticated users with DAG write permissions to write arbitrary YAML files to any location on the filesystem, constrained only by the process permissions.

Since Dagu executes DAG files as shell commands, this vulnerability can be escalated to remote code execution by writing malicious DAG files to the DAGs directory of another instance or by overwriting critical configuration files.

Critical Impact

Authenticated attackers can achieve remote code execution by exploiting improper input validation in the DAG creation API, enabling arbitrary file writes that can be leveraged to execute malicious shell commands.

Affected Products

  • Dagu versions up to and including 1.16.7
  • Dagu workflow engine installations with web UI enabled
  • Multi-tenant Dagu deployments with shared filesystem access

Discovery Timeline

  • 2026-02-25 - CVE-2026-27598 published to NVD
  • 2026-02-25 - Last updated in NVD database

Technical Details for CVE-2026-27598

Vulnerability Analysis

The vulnerability stems from a path traversal flaw (CWE-22) in Dagu's DAG creation functionality. When a user creates a new DAG via the web API, the application accepts a DAG name parameter that is directly used to construct the file path where the YAML configuration will be stored. The lack of proper input validation allows directory traversal sequences (such as ../ or absolute paths) to escape the intended DAGs directory.

Because Dagu interprets DAG YAML files as workflow definitions that include shell command execution, an attacker who can write files to arbitrary locations can craft a malicious DAG that executes arbitrary commands when processed by the Dagu scheduler or when another user triggers the workflow.

Root Cause

The root cause lies in the generateFilePath function within internal/persis/filedag/store.go. The original implementation attempted to handle paths containing directory separators by resolving them to absolute paths, but this logic actually facilitated path traversal attacks rather than preventing them. The function failed to ensure that the resulting file path remained within the designated base directory.

Additionally, the validator in internal/core/validator.go did not properly reject special directory references like . and .., allowing these to be used as part of traversal attacks.
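
The behavior described in this section, as an added example (not Dagu's own code): `legacyPath` mirrors the pre-patch logic, and `containedPath` is one hypothetical hardened form that returns an error instead of rewriting the name. The function names, `ErrUnsafeName`, the sample directory, and the `.yaml` stand-in for `fileutil.EnsureYAMLExtension` are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafeName is a hypothetical error used only in this example.
var ErrUnsafeName = errors.New("unsafe DAG name")

// legacyPath mirrors the pre-patch logic: a name containing a separator is
// resolved with filepath.Abs and returned with no containment check.
func legacyPath(baseDir, name string) string {
	if strings.Contains(name, string(filepath.Separator)) {
		if p, err := filepath.Abs(name); err == nil {
			return p
		}
	}
	// Appending ".yaml" stands in for fileutil.EnsureYAMLExtension (assumption).
	return filepath.Clean(filepath.Join(baseDir, name) + ".yaml")
}

// containedPath rejects unsafe names with an error instead of rewriting them,
// then confirms the joined path is still under baseDir (defense in depth).
func containedPath(baseDir, name string) (string, error) {
	if name == "" || name == "." || name == ".." || strings.ContainsAny(name, `/\`) {
		return "", fmt.Errorf("%w: %q", ErrUnsafeName, name)
	}
	p := filepath.Join(baseDir, name+".yaml")
	rel, err := filepath.Rel(baseDir, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrUnsafeName, name)
	}
	return p, nil
}

func main() {
	base := "/srv/dagu/dags" // constructed sample directory
	for _, n := range []string{"nightly-report", "/tmp/elsewhere/wf", "..", "a/b"} {
		p, err := containedPath(base, n)
		fmt.Printf("%-20q legacy=%-30s contained=%q err=%v\n", n, legacyPath(base, n), p, err)
	}
}
```

The printed table shows each name's legacy result next to the contained result, which makes it easy to see which inputs left the base directory before the fix.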

Attack Vector

The attack requires network access and authentication with DAG write permissions. An attacker exploits the vulnerability through the following sequence:

  1. Authenticate to the Dagu web interface with valid credentials
  2. Send a crafted POST request to /api/v1/dags with a malicious DAG name containing path traversal sequences
  3. The malicious YAML file is written to an attacker-controlled location
  4. If written to a DAGs directory, the malicious workflow executes shell commands when triggered

The security patch addresses this vulnerability by implementing proper path sanitization:

go
// Security patch in internal/core/validator.go
 	if name == "" {
 		return nil
 	}
+	if name == "." || name == ".." {
+		return ErrNameInvalidChars
+	}
 	if len(name) > DAGNameMaxLen {
 		return ErrNameTooLong
 	}

Source: GitHub Commit e2ed589

The file storage logic was also hardened to strip directory components and verify path containment:

go
// Security patch in internal/persis/filedag/store.go
// generateFilePath generates the file path for a DAG by its name.
+// It uses filepath.Base to strip directory components and verifies
+// the result stays inside baseDir to prevent path traversal.
func (store *Storage) generateFilePath(name string) string {
-	if strings.Contains(name, string(filepath.Separator)) {
-		filePath, err := filepath.Abs(name)
-		if err == nil {
-			return filePath
-		}
-	}
-	filePath := fileutil.EnsureYAMLExtension(path.Join(store.baseDir, name))
-	return filepath.Clean(filePath)
+	safeName := filepath.Base(name)
+	filePath := fileutil.EnsureYAMLExtension(path.Join(store.baseDir, safeName))
+	filePath = filepath.Clean(filePath)
+	// Verify the resolved path is inside baseDir.
+	basePrefix := filepath.Clean(store.baseDir) + string(filepath.Separator)
+	if !strings.HasPrefix(filePath, basePrefix) {
+		return filepath.Join(store.baseDir, "_invalid.yaml")
+	}
+	return filePath
}
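
Review bot: when the containment check at the end of generateFilePath fails, the function returns `filepath.Join(store.baseDir, "_invalid.yaml")` instead of an error, so every rejected name is mapped to the same file and nothing is surfaced to the caller; changing the signature to return (string, error) would let the request fail visibly. The same concern applies to `safeName := filepath.Base(name)`: a name with directory components is silently rewritten to its last element, which can coincide with an existing DAG of that name. The HasPrefix test is purely lexical, so it does not account for a symlink inside baseDir, and the hunk mixes path.Join with filepath.Join where filepath.Join throughout would be consistent.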

Source: GitHub Commit e2ed589

Detection Methods for CVE-2026-27598

Indicators of Compromise

  • Unexpected YAML files appearing outside the designated DAGs directory
  • DAG creation requests containing path traversal sequences (../, ..\\, or absolute paths) in API logs
  • Unusual shell command execution originating from Dagu worker processes
  • New or modified YAML files in system configuration directories

Detection Strategies

  • Monitor HTTP request logs for POST /api/v1/dags requests containing suspicious characters like .., /, or \ in the DAG name parameter
  • Implement file integrity monitoring on Dagu configuration and DAGs directories to detect unauthorized file creation
  • Review application logs for DAG creation events with names containing path separators or special directory references
  • Deploy web application firewall rules to block requests with path traversal patterns in JSON payloads
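
One way to implement the log check from the first strategy above, as an added example rather than SentinelOne or Dagu tooling. The log format (one JSON record per line with `method`, `path`, `user`, `body`) and the `name` key in the request body are assumptions; adjust them to what your proxy or API server actually records.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
	"strings"
)

// Constructed sample records; the field names and the "name" body key are assumptions.
const sampleLog = `{"method":"POST","path":"/api/v1/dags","user":"alice","body":"{\"name\":\"nightly-report\"}"}
{"method":"POST","path":"/api/v1/dags","user":"bob","body":"{\"name\":\"../../outside/wf\"}"}
{"method":"GET","path":"/api/v1/dags","user":"bob","body":""}
{"method":"POST","path":"/api/v1/dags","user":"carol","body":"{\"name\":\"/tmp/elsewhere/wf\"}"}`

type record struct{ Method, Path, User, Body string }
type finding struct{ User, Name, Reason string }

// classify returns why a DAG name is suspicious, or "" when it looks like a plain name.
func classify(name string) string {
	switch {
	case filepath.IsAbs(name):
		return "absolute path"
	case name == "." || strings.Contains(name, ".."):
		return "directory reference or traversal sequence"
	case strings.ContainsAny(name, `/\`):
		return "path separator"
	}
	return ""
}

// scan keeps only DAG-creation requests and reports the suspicious names.
func scan(log string) (out []finding) {
	for _, line := range strings.Split(log, "\n") {
		var r record
		var b struct{ Name string `json:"name"` }
		if json.Unmarshal([]byte(line), &r) != nil || r.Method != "POST" ||
			r.Path != "/api/v1/dags" || json.Unmarshal([]byte(r.Body), &b) != nil {
			continue
		}
		if why := classify(b.Name); why != "" {
			out = append(out, finding{r.User, b.Name, why})
		}
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", scan(sampleLog))
}
```

The `..` substring match is deliberately broad, so a legitimate name such as `v1..2` is also flagged; treat findings as leads to review against the user's other activity.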

Monitoring Recommendations

  • Enable verbose logging on the Dagu API server to capture full request details for forensic analysis
  • Set up alerts for file writes outside the expected DAGs directory by the Dagu process
  • Monitor for unexpected workflow executions, especially those containing suspicious shell commands
  • Implement user activity auditing to track DAG creation and modification events by user account

How to Mitigate CVE-2026-27598

Immediate Actions Required

  • Immediately upgrade Dagu to a version containing commit e2ed589105d79273e4e6ac8eb31525f765bb3ce4 or later
  • Review existing DAG files for any unexpected or malicious content that may have been injected
  • Audit user accounts with DAG write permissions and revoke unnecessary access
  • Check system directories for any unauthorized YAML files that may have been written via this vulnerability

Patch Information

The vulnerability has been fixed in commit e2ed589105d79273e4e6ac8eb31525f765bb3ce4. The patch implements two key security controls:

  1. Input validation enhancement: The validator now explicitly rejects . and .. as DAG names
  2. Path containment verification: The file path generation function uses filepath.Base() to strip directory components and verifies the final path remains within the base directory

For detailed information, refer to the GitHub Security Advisory GHSA-6v48-fcq6-ff23.

Workarounds

  • Restrict DAG write permissions to only essential administrative users until the patch can be applied
  • Deploy a reverse proxy or WAF rule to filter requests containing path traversal patterns in the DAG name field
  • Run Dagu with minimal filesystem permissions to limit the impact of arbitrary file writes
  • Isolate Dagu instances in containerized environments with restricted volume mounts

bash
# Example: Run Dagu with restricted filesystem access using Docker
docker run -d \
  --name dagu \
  --read-only \
  --tmpfs /tmp \
  -v /app/dags:/app/dags:rw \
  -v /app/config:/app/config:ro \
  --user 1000:1000 \
  dagu:latest

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: RCE
  • Vendor/Tech: Dagu
  • Severity: HIGH
  • CVSS Score: 7.1
  • EPSS Probability: 0.07%
  • Known Exploited: No

CVSS Vector

  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Assessment

  • Confidentiality: Low
  • Integrity: High
  • Availability: None

CWE References

  • CWE-22

Vendor Resources

  • GitHub Commit Details
  • GitHub Security Advisory GHSA-6v48-fcq6-ff23

Related CVEs

  • CVE-2026-33344: Dagu Workflow Engine Path Traversal Flaw
  • CVE-2026-31882: Dagu Workflow Engine Auth Bypass Flaw
  • CVE-2026-31886: Dagu Workflow Engine DOS Vulnerability