659 matches found
CVE-2026-10665
In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wgprocessdatamessage in wgcrypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIGWIREGUARDBUFLEN bytes before decryption. The call netbuflinearizebuf-data, datalen, pkt-buffer, ..., datalen passed the...
CVE-2026-10665
CVE-2026-10665 concerns Zephyr’s WireGuard implementation (subsys/net/lib/wireguard). The flaw: wg_process_data_message() linearizes an inbound payload into a fixed pool buffer, passing the attacker-controlled data_len as both the destination capacity and copy length to net_buf_linearize, ignorin...
CVE-2026-10665 Heap buffer overflow on WireGuard receive path via unbounded incoming packet length
In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wgprocessdatamessage in wgcrypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIGWIREGUARDBUFLEN bytes before decryption. The call netbuflinearizebuf-data, datalen, pkt-buffer, ..., datalen passed the...
PT-2026-57567
Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description An out-of-bounds write exists in the WireGuard subsystem within the wg process data message function located in wg crypto.c. The issue occurs when an inbound transport-data payload is linearized into a fixed po...
Improper Access Control
Coder is vulnerable to Improper Access Control. The vulnerability is due to the tailnet coordinator validating an agent's Addresses but not its AllowedIPs, which allows an authenticated attacker to advertise unauthorized IP prefixes that are propagated to WireGuard peers, potentially enabling...
CVE-2026-55428
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...
CVE-2026-55428
CVE-2026-55428 (Coder) describes a route hijack risk in the tailnet coordinator where an agent’s AllowedIPs are not validated against the agent’s authenticated UUID, unlike the Addresses check. The coordinator forwards adversarially supplied AllowedIPs to WireGuard peers, potentially enabling an ...
CVE-2026-55428 Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...
Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
Summary The tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers which install them into the WireGuard peer configuration. Impact A...
GHSA-WRQ8-FCV5-8HVP Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator
Summary The tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers which install them into the WireGuard peer configuration. Impact A...
PT-2026-56072
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description The tailnet coordinator fails to validate that an agent's AllowedIPs derive from its authenticated UUID,...
Linux Distros Unpatched Vulnerability : CVE-2026-52945
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert wireguard: device: enable threaded NAPI This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit...
CVE-2026-52945
A flaw was found in the Linux kernel's WireGuard component. Under heavy network load, particularly when used with Cilium, the threaded NAPI New API implementation can cause the decryption side for a WireGuard peer to stop processing traffic. This leads to a complete stall of network communication...
EUVD-2026-38813
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...
CVE-2026-52945
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...
CVE-2026-52945 Revert "wireguard: device: enable threaded NAPI"
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...
CVE-2026-52945 Revert "wireguard: device: enable threaded NAPI"
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...
CVE-2026-52945
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...
CVE-2026-52945
The CVE-2026-52945 entry describes a Linux kernel vulnerability in the WireGuard component where enabling threaded NAPI can cause the decryption path for a WireGuard peer to stall under heavy network load (notably with Cilium), effectively causing a DoS for that peer while other peers remain func...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: “Revert ‘wireguard: device: enable threaded NAPI’” This resolution corresponds to commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c, which is a commit from upstream. We have received three independent reports from production users...