Lucene search
K

4 matches found

Snyk
Snyk
added 2026/03/09 5:27 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GET /api/extclients/network or GET /api/nodes/network endpoints. An attacker can obtain sensitive WireGuard private keys belonging to other users by sending requests to these API endpoints, as the respons...

8.7CVSS5.9AI score0.00252EPSS
Exploits0References2
NVD
NVD
added 2026/03/07 5:15 p.m.7 views

CVE-2026-29196

Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API...

8.7CVSS0.00252EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 4:15 p.m.3 views

CVE-2026-29196 Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys

Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API...

8.7CVSS5.8AI score0.00252EPSS
Exploits0References2
CVE
CVE
added 2026/03/07 4:15 p.m.20 views

CVE-2026-29196

CVE-2026-29196 affects Netmaker prior to 1.5.0, where a user with the platform-user role could obtain WireGuard private keys for all configs in a network via API calls to GET /api/extclients/{network} or GET /api/nodes/{network}. The UI restricts visibility, but these API endpoints return full re...

8.7CVSS5.8AI score0.00252EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder