A vulnerability, which was classified as problematic, has been found in dragonflydb Dragonfly up to 1.39.0. This affects an unknown part of the file /api/v1/oauth of the component OAuth Provider. The manipulation leads to information disclosure.

This vulnerability is listed as CVE-2026-49254. The attack may be initiated remotely. There is no available exploit.

It is advisable to upgrade the affected component.