2 matches found
CVE-2020-11498
CVE-2020-11498 affects Slack Nebula up to version 1.1.0. A relative-path vulnerability in the tunnel drivers tun_darwin.go and tun_windows.go allows a low-privileged attacker to execute code in the context of the root user, with potential user-context execution as well. The issue enables path tra...
CVE-2026-25793
Nebula (versions 1.7.0–1.10.2) is vulnerable when CURVE_P256 is used. An ECDSA Signature Malleability flaw allows copying a certificate to produce a different fingerprint, enabling blocklist bypass for fingerprint-based entries. The issue is fixed in version 1.10.3. Impact is described as high (c...