CVE-2026-29196
MEDIUM 4.3
Description
Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve the WireGuard private keys of all WireGuard configs in a network by calling GET /api/extclients/{network} or GET /api/nodes/{network}. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without filtering based on the requesting user's ownership. This issue has been patched in version 1.5.0.
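The missing server-side ownership check described above, as an added example (not Netmaker's code). The `ExtClient` type, the function names and the sample records are hypothetical and constructed for illustration; `ForeignKeys` is a check a regression test could run against a list response.

```go
package main

import "fmt"

// ExtClient is a hypothetical, simplified record, not Netmaker's real type.
type ExtClient struct{ ClientID, Network, OwnerID, PrivateKey string }

// Constructed sample records; the key strings are placeholders.
var sample = []ExtClient{
	{"laptop-a", "corp", "alice", "privA-placeholder"},
	{"phone-b", "corp", "bob", "privB-placeholder"},
	{"tablet-c", "lab", "bob", "privC-placeholder"},
}

// ListUnfiltered mirrors the flaw: full records for the network, keys included, for any caller.
func ListUnfiltered(all []ExtClient, network string) (out []ExtClient) {
	for _, c := range all {
		if c.Network == network {
			out = append(out, c)
		}
	}
	return out
}

// ListForCaller enforces ownership on the server; hiding rows in the UI is not access control.
func ListForCaller(all []ExtClient, network, caller string) (out []ExtClient) {
	for _, c := range ListUnfiltered(all, network) {
		if c.OwnerID == caller {
			out = append(out, c)
		}
	}
	return out
}

// ForeignKeys counts private keys in a response that belong to someone other than the caller.
func ForeignKeys(resp []ExtClient, caller string) (n int) {
	for _, c := range resp {
		if c.OwnerID != caller && c.PrivateKey != "" {
			n++
		}
	}
	return n
}

func main() {
	fmt.Println("unfiltered:", ForeignKeys(ListUnfiltered(sample, "corp"), "alice"))
	fmt.Println("filtered:", ForeignKeys(ListForCaller(sample, "corp", "alice"), "alice"))
}
```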
CVE Details
CVSS v3.1 score: 4.3
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 3/7/2026
Last modified: 3/12/2026
Source: nvd
Honeypot sightings: 0
Affected products
gravitl:netmaker
Weaknesses (CWE)
CWE-863
References
https://github.com/gravitl/netmaker/releases/tag/v1.5.0 (security-advisories@github.com)
https://github.com/gravitl/netmaker/security/advisories/GHSA-4hgg-c4rr-6h7f (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.