Lucene search
K

123 matches found

NVD
NVD
added last week9 views

CVE-2026-59800

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS0.01372EPSS
Exploits0References2
EUVD
EUVD
added last week5 views

EUVD-2026-42073

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS6.3AI score0.01372EPSS
Exploits0References2
CVE
CVE
added last week22 views

CVE-2026-59800

The CVE-2026-59800 entry describes an OS command injection in 9Router

9.8CVSS6.3AI score0.01372EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-59800

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.8CVSS6.3AI score0.01372EPSS
Exploits0References3
OSV
OSV
added last week8 views

CVE-2026-59800 9Router < 0.4.44 - OS Command Injection via sudoPassword Parameter in Tailscale Install Endpoint

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.2CVSS6.3AI score0.01372EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 8:17 p.m.13 views

GHSA-G6G7-PVMX-M74P 9router: Missing Authorization and OS Command Injection

Unauthenticated RCE via /api/tunnel/tailscale-install Affected: 9router npm package — current master v0.4.39. Summary POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...

9.2CVSS5.9AI score0.01372EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/02 8:17 p.m.10 views

Missing Authorization

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization via the POST /api/tunnel/tailscale-install route handler, which accepts a JSON body containing a sudoPassword field and pipes it, along with the contents o...

9.8CVSS6.2AI score0.01372EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/02 8:17 p.m.27 views

9router: Missing Authorization and OS Command Injection

Unauthenticated RCE via /api/tunnel/tailscale-install Affected: 9router npm package — current master v0.4.39. Summary POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...

9.8CVSS5.9AI score0.01372EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/07/02 12:0 a.m.20 views

9router: Missing Authorization and OS Command Injection

POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawned as sudo -S sh. The route is not present in the dashboard middleware matcher in src/proxy.js, so the request reaches...

9.8CVSS5.8AI score0.01372EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/29 7:16 p.m.9 views

CVE-2026-57999

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS0.01179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/29 6:16 p.m.6 views

CVE-2026-57999 luci-app-tailscale-community - Command Injection via tailscale.do_login RPC

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS6AI score0.01179EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 6:16 p.m.33 views

CVE-2026-57999 luci-app-tailscale-community - Command Injection via tailscale.do_login RPC

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS0.01179EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 6:16 p.m.6 views

EUVD-2026-40171

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS6AI score0.01179EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 6:16 p.m.6 views

CVE-2026-57999

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS6AI score0.01179EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 6:16 p.m.40 views

CVE-2026-57999

CVE-2026-57999 affects luci-app-tailscale-community. The vulnerability is a command injection in the tailscale.do_login RPC method caused by improper quoting of user-controlled loginserver and loginserver_authkey inside a double-quoted shell command, allowing shell substitutions (e.g., $()) to be...

8.8CVSS6AI score0.01179EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53682

Name of the Vulnerable Software and Affected Versions luci-app-tailscale-community affected versions not specified Description An issue in the tailscale.do login RPC method allows authenticated users to execute arbitrary commands with root privileges. This occurs because the loginserver and...

8.8CVSS6.1AI score0.01179EPSS
Exploits0References5
Fedora
Fedora
added 2026/06/09 1:22 a.m.15 views

[SECURITY] Fedora 44 Update: tailscale-1.98.4-1.fc44

The easiest, most secure way to use WireGuard and 2FA...

5CVSS7.5AI score0.00153EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.37 views

Fedora 44 : tailscale (2026-07897c0238)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-07897c0238 advisory. - update to 1.98.4 - Allow nftables to satisfy firewall dependency in lieu of iptables rhbz2453924 - Fix 45s timeout on shutdowns in certain cases...

5CVSS5.7AI score0.00153EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.21 views

Fedora 45 : tailscale (2026-c3b7c062a3)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c3b7c062a3 advisory. Automatic update for tailscale-1.98.4-1.fc45. Changelog Sun May 31 2026 Jonathan Wright - 1.98.4-1 - update to 1.98.4 - Allow nftables to satisfy...

5CVSS7.3AI score0.00153EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/07 6:20 a.m.106 views

aerobi-poc

Aerobi POC — Simulação local de monitoramento de câmeras Labo...

5.8AI score
Exploits0
Rows per page
Query Builder