PT-2026-23870 · Wireguard+1

Artem Danilov · Published 2025-08-08 · Updated 2026-03-25 · CVE-2026-29195

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Netmaker versions prior to 1.5.0

Description

Netmaker, which utilizes WireGuard, has an issue where the user update handler does not properly validate role assignments. Specifically, an administrator-role user can assign the super-admin role to another user via the PUT /api/users/{username} API endpoint. The system prevents an administrator from assigning the administrator role, but lacks a similar check for the super-admin role. The vulnerable parameter is username.

Recommendations

Update to version 1.5.0 or later.
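
The gap described above, where one forbidden role is named and the higher one is not, is shown here next to a fail-closed rank comparison. This is an added example, not Netmaker's code: the role names, ranks, and the functions `denyListCheck` and `rankCheck` are hypothetical, and the check on the target's current role goes beyond the case this advisory describes.

```go
package main

import (
	"errors"
	"fmt"
)

// Role names and ranks are constructed for this example, not Netmaker's identifiers.
type Role string

const (
	RoleUser       Role = "user"
	RoleAdmin      Role = "admin"
	RoleSuperAdmin Role = "super-admin"
)

var rank = map[Role]int{RoleUser: 1, RoleAdmin: 2, RoleSuperAdmin: 3}

var ErrForbidden = errors.New("forbidden role assignment")

// denyListCheck is the flawed pattern: one forbidden value is named for
// admin callers, so any role not listed (here super-admin) passes.
func denyListCheck(caller, requested Role) error {
	if caller == RoleAdmin && requested == RoleAdmin {
		return ErrForbidden
	}
	return nil
}

// rankCheck fails closed: unknown roles are rejected, and a role change is
// allowed only when the caller outranks both the target's current role and
// the requested role.
func rankCheck(caller, current, requested Role) error {
	c, okC := rank[caller]
	cur, okCur := rank[current]
	req, okReq := rank[requested]
	if !okC || !okCur || !okReq {
		return ErrForbidden
	}
	if requested != current && (cur >= c || req >= c) {
		return ErrForbidden
	}
	return nil
}

func main() {
	fmt.Println("deny-list, admin -> super-admin:", denyListCheck(RoleAdmin, RoleSuperAdmin))
	fmt.Println("rank check, admin -> super-admin:", rankCheck(RoleAdmin, RoleUser, RoleSuperAdmin))
}
```

A regression test for the fixed handler can assert the same table: every caller role against every requested role, with anything at or above the caller's rank rejected.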

Exploit

Fix

LPE

Incorrect Authorization

Weakness Enumeration

Related identifiers

BDU:2026-03335
CVE-2026-29195
GHSA-CH3W-9456-38V3
GO-2026-4654
SUSE-SU-2026:1042-1

Affected products

Netmaker
Wireguard