CVE-2025-59346 | dragonflyoss Dragonfly up to 2.0.x HTTP Endpoint pieceManager.DownloadSource server-side request forgery (GHSA-g2rq-jv54-wcpr)

A vulnerability marked as critical has been reported in dragonflyoss Dragonfly up to 2.0.x. Impacted is the function pieceManager.DownloadSource of the component HTTP Endpoint. This manipulation causes server-side request forgery.

The identification of this vulnerability is CVE-2025-59346. It is possible to initiate the attack remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More