CVE-2026-29196

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 1.5.0

Description Netmaker, a networking tool utilizing WireGuard, contains an issue where a user with the platform-user role can access WireGuard private keys for all configurations within a network. This occurs through the use of specific API endpoints without proper filtering based on user ownership. The affected API Endpoints are /api/extclients/{network} and /api/nodes/{network}. The issue allows unauthorized retrieval of sensitive data, including WireGuard private keys, despite UI restrictions intended to limit visibility. The variable {network} represents the network identifier.

Recommendations Update to version 1.5.0 or later.