CVE-2026-24124 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-24124 Interim 1 1 2026-03-05T00:16:29Z current 2026-03-05T00:16:29Z 2026-03-05T00:16:29Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-24124 Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints (/api/v1/jobs) lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with access to the Manager API to view, update and delete jobs. The issue is fixed in version 2.4.1-rc.1. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2026-February/024084.html E-Mail link for SUSE-SU-2026:0403-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints (/api/v1/jobs) lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with access to the Manager API to view, update and delete jobs. The issue is fixed in version 2.4.1-rc.1. CVE-2026-24124 not set