CVE-2026-39880

Name of the Vulnerable Software and Affected Versions Remnawave Backend versions prior to 2.7.5

Description A flaw exists in the HWID device registration logic of Remnawave Backend prior to version 2.7.5. An authenticated user can circumvent the configured limit for registered HWID devices, enabling them to register more devices than permitted. This could lead to unauthorized resale of subscriptions and excessive traffic consumption.

Recommendations Update to version 2.7.5 or later.