CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/10 6:28 p.m.•1 views

GO-2026-4566 WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level in github.com/h44z/wg-portal

WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level in github.com/h44z/wg-portal. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

8.8CVSS5.8AI score0.00095EPSS

Exploits0References5

RedhatCVE•added 2026/02/27 4:13 a.m.•3 views

CVE-2026-27899

EUVD•added 2026/02/26 10:22 p.m.•3 views

EUVD-2026-8797

WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level...

8.8CVSS5.2AI score0.00095EPSS

Exploits0References5

Github Security Blog•added 2026/02/26 10:22 p.m.•6 views

WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level

Privilege Escalation to Admin via User Self-Update in wg-portal Summary Any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. After logging out and back in, the session picks up...

Exploits0References6Affected Software1

NVD•added 2026/02/26 2:16 a.m.•1 views

CVE-2026-27899

8.8CVSS0.00095EPSS

OSV•added 2026/02/26 12:50 a.m.•2 views

CVE-2026-27899 WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update

8.8CVSS5.6AI score0.00095EPSS

ATTACKERKB•added 2026/02/26 12:50 a.m.•2 views

CVE-2026-27899

Exploits0References2Affected Software1

CVE•added 2026/02/26 12:50 a.m.•11 views

CVE-2026-27899

WireGuard Portal (wg-portal) prior to v2.1.3 allows any authenticated non-admin user to elevate to full admin by sending IsAdmin=true in a PUT to their own profile, with the admin flag not being preserved by the server’s protection logic. After logout and login, the session inherits admin privile...

Exploits0References1Affected Software1

Vulnrichment•added 2026/02/26 12:50 a.m.•3 views

CVE-2026-27899 WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update

8.8CVSS5.9AI score0.00095EPSS

Cvelist•added 2026/02/26 12:50 a.m.•18 views

CVE-2026-27899 WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update

8.8CVSS0.00095EPSS

CNNVD•added 2026/02/26 12:0 a.m.•3 views

WireGuard Portal v2 安全漏洞

WireGuard Portal v2 is a web-based configuration portal developed by h44z as an individual project. Versions of WireGuard Portal v2 prior to 2.1.3 contained security vulnerabilities. These vulnerabilities stemmed from the server’s inability to protect the IsAdmin field when parsing JSON request...

8.8CVSS7.3AI score0.00095EPSS

Positive Technologies•added 2026/02/26 12:0 a.m.•4 views

PT-2026-22074

Name of the Vulnerable Software and Affected Versions WireGuard Portal versions prior to 2.1.3 Description WireGuard Portal, a web-based configuration portal for WireGuard server management, contains a flaw that allows authenticated non-admin users to escalate their privileges to full administrat...

9.9CVSS5.9AI score0.07313EPSS

Exploits68References144

OSV•added 2026/02/05 3:20 a.m.•3 views

GO-2026-4398 WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow in github.com/h44z/wg-portal

WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow in github.com/h44z/wg-portal. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

5.4AI score

OSV•added 2026/02/02 9:16 p.m.•3 views

GHSA-GRH9-37G7-53MJ WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow

Summary An Open Redirect vulnerability exists in the OAuth authentication flow that allows attackers to redirect users to external malicious websites after authentication. The vulnerability is caused by insufficient validation of the return parameter in the OAuth login initialization endpoint...

6.1CVSS5.4AI score

Exploits0References4

Veracode•added 2025/01/14 6:54 a.m.•8 views

Open Redirection

github.com/h44z/wg-portal is vulnerable to Open Redirection. The vulnerability is due to improper handling of OAuth or OIDC authentication backends, which can be exploited when a user visits a malicious website in WireGuard Portal v2...

7.2AI score

Exploits0References2Affected Software1

OSV•added 2025/01/08 7:19 p.m.•4 views

GO-2025-3371 WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover in github.com/h44z/wg-portal

WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover in github.com/h44z/wg-portal. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

7AI score

Exploits0References2

Github Security Blog•added 2025/01/07 3:52 p.m.•19 views

WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover

Impact Users of WireGuard Portal v2 who have OAuth or OIDC authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website. Patches The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The docker images for the tag 'latest' buil...

7.3AI score

Exploits0References3Affected Software1

OSV•added 2025/01/07 3:52 p.m.•3 views

GHSA-2R2V-9PF8-6342 WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover

7.3AI score