3 matches found
CVE-2026-29194
CVE-2026-29194 affects Netmaker (WireGuard-based networks). Before v1.5.0, the Authorize middleware can mishandle host JWT validation when hostAllowed=true, allowing a valid host token to bypass subsequent authorization checks without verifying host-resource authorization. An attacker with knowle...
CVE-2026-29196
CVE-2026-29196 affects Netmaker prior to 1.5.0, where a user with the platform-user role could obtain WireGuard private keys for all configs in a network via API calls to GET /api/extclients/{network} or GET /api/nodes/{network}. The UI restricts visibility, but these API endpoints return full re...
CVE-2026-29195
This CVE concerns Netmaker (WireGuard-based) where, prior to v1.5.0, the PUT /api/users/{username} handler failed to validate attempts by an admin to assign super-admin during user updates. The result could allow an admin-user to elevate to super-admin, since the check to prevent super-admin assi...