Netdata · Netdata · CVE-2023-22497
**Name of the Vulnerable Software and Affected Versions**
Netdata agent versions prior to 1.37
Netdata agent versions prior to 1.36.0-409 (nightly)
**Description**
The issue affects Netdata Agents that expose their services to non-trusted users, particularly when the streaming feature is enabled. Streaming lets a parent Netdata Agent handle functions for its children. An attacker can exploit the issue by using a valid MACHINE GUID as an API key, which can lead to unauthorized access and potential data manipulation. The estimated number of potentially affected devices is not specified.
**Recommendations**
For Netdata agent versions prior to 1.37, update to version 1.37 or later.
For Netdata agent versions prior to 1.36.0-409 (nightly), update to version 1.36.0-409 (nightly) or later.
As a temporary workaround, consider disabling the streaming feature by default or limiting access to the port on the recipient Agent to trusted child connections.
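To apply the recommendations across a fleet, the following added example (not part of the advisory and not Netdata project code) flags hosts whose reported Agent version predates both fixed releases. It assumes version strings shaped like `v1.37.0` or `v1.36.0-409-nightly`; the function names and the sample inventory are hypothetical, and any nightly not based on 1.36.0 and older than 1.37 is conservatively reported as affected.

```python
import re

# Fixed releases named in the advisory.
FIXED_STABLE = (1, 37, 0)          # "1.37 or later"
FIXED_NIGHTLY = ((1, 36, 0), 409)  # "1.36.0-409 (nightly) or later"

# Assumed version-string shape: optional "v", MAJOR.MINOR[.PATCH],
# then an optional "-BUILD" counter as carried by nightly builds.
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:-(\d+))?")


def parse_version(text):
    """Return ((major, minor, patch), build) or None if nothing parses."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    base = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    build = int(m.group(4)) if m.group(4) is not None else None
    return base, build


def is_affected(text):
    """True if the version predates both fixed releases, False if fixed,
    None if the string cannot be parsed (needs manual review)."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    base, build = parsed
    if base >= FIXED_STABLE:
        return False
    if base == FIXED_NIGHTLY[0] and build is not None and build >= FIXED_NIGHTLY[1]:
        return False
    return True


def audit(inventory):
    """Given host -> version string, list hosts that are affected or unparsed."""
    return sorted(h for h, v in inventory.items() if is_affected(v) is not False)


# Constructed sample inventory (host names and version strings are made up).
SAMPLE = {
    "parent-01": "netdata v1.36.1",
    "child-01": "netdata v1.36.0-409-nightly",
    "child-02": "netdata v1.36.0-408-nightly",
    "child-03": "netdata v1.37.0",
    "child-04": "unknown",
}
```

Calling `audit(SAMPLE)` returns the hosts to update or review by hand; unparsed versions are included rather than silently passed.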