CVE-2026-29196
- EPSS 0.25%
- Published 07.03.2026 16:15:08
- Last modified 12.03.2026 13:44:29
Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all WireGuard configs in a network by calling GET /api/extclients/{network} or GET /api/nodes/{network}. Whi...
CVE-2026-29195
- EPSS 0.23%
- Published 07.03.2026 16:14:06
- Last modified 12.03.2026 13:57:57
Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly bl...
CVE-2026-29194
- EPSS 0.37%
- Published 07.03.2026 16:12:51
- Last modified 11.03.2026 16:46:09
Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication (hostAllowed=true), a valid host token bypasses all subsequent author...
CVE-2026-29771
- EPSS 0.33%
- Published 07.03.2026 15:14:38
- Last modified 18.05.2026 16:44:17
Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of ...