Tailscale team reports:
In Tailscale versions earlier than 1.66.0, exit nodes,
subnet routers, and app connectors, could allow inbound
connections to other tailnet nodes from their local area
network (LAN). This vulnerability only affects Linux exit
nodes, subnet routers, and app connectors in tailnets where
ACLs allow “src”: “*”, such as with default ACLs.