Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.6 views

CVE-2026-24904

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...

5.3CVSS5.9AI score0.00257EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.6 views

CVE-2026-24902

TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0.9.114. In tcpforwarder.rs, SSRF protection for allowprivatenetworkconnections = false was only applied in the TcpDestination::HostNamepeer path. The...

7.1CVSS5.9AI score0.0023EPSS
Exploits1References1
NVD
NVD
added 2026/01/29 10:15 p.m.8 views

CVE-2026-24904

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...

5.3CVSS0.00257EPSS
Exploits1References2
OSV
OSV
added 2026/01/29 9:21 p.m.7 views

CVE-2026-24902 TrustTunnel has SSRF and private network restriction bypass via numeric address destinations

TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0.9.114. In tcpforwarder.rs, SSRF protection for allowprivatenetworkconnections = false was only applied in the TcpDestination::HostNamepeer path. The...

7.1CVSS5.9AI score0.0023EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/29 9:19 p.m.5 views

CVE-2026-24904

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...

5.3CVSS5.9AI score0.00257EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.16 views

PT-2026-5356

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tls listener.rs, TlsListener::listen peeks 1024 bytes and calls extract client random.... If parse tls plaintext fails for example, a fragmented/partial ClientHello split across TCP writes, extrac...

5.3CVSS5.9AI score0.00257EPSS
Exploits1References2
Rows per page
Query Builder