anonhaven
Ad

CVE-2026-29195

MEDIUM CVSS 4.0: 6.9
Updated Mar 07, 2026
Wireguard
Parameter Value
CVSS 6.9 (MEDIUM)
Fixed In 1.5.0
Type CWE-863 (Incorrect Authorization (Неправильная авторизация))
Vendor Wireguard
Public PoC No

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the super-admin role.

This issue has been patched in version 1.5.0.

Attack Parameters

Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
None
Нет дополнительных условий
Privileges Required
High
Нужны права администратора
User Interaction
None
Не нужно действие пользователя

Impact Assessment

Confidentiality
None
Нет утечки данных
Integrity
High
Полная модификация данных
Availability
None
Нет нарушения работы

CVSS Vector v4.0

Weakness Type (CWE)

CWE-863 Incorrect Authorization (Неправильная авторизация)

References 2

https://github.com/gravitl/netmaker/releases/tag/v1.5.0
security-advisories@github.com
https://github.com/gravitl/netmaker/security/advisories/GHSA-ch3w-9456-38v3
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-29196

Wireguard

8.7

CVE-2026-29781

Wireguard

5.3

CVE-2026-29771

Wireguard

8.7

CVE-2026-29194

Wireguard

8.6