4 matches found
CVE-2025-68272
Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a...
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
SignalK Server exposes two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated polling of access request status. Unauthenticated WebSocket Request Enumeration: When ...
Allocation of Resources Without Limits or Throttling
Overview: signalk-server is an implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /signalk/v1/access/requests endpoint. An attacker can cause the server to exhaust memory resources and...
EUVD-2025-206139
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding...