PT-2026-31706 · Beszel · Beszel

Published 2026-04-09 · Updated 2026-04-28 · CVE-2026-40077

CVSS v3.1: 3.5 (Low)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Beszel versions prior to 0.18.7

Description

Beszel is a server monitoring platform. Some API endpoints in the Beszel hub accept a user-supplied system ID without verifying user access permissions. This allows authenticated users to access routes for any system if they know the system's ID. System IDs are 15-character alphanumeric strings, and while not generally exposed, can potentially be enumerated by authenticated users through the web API. Accessing container endpoints also requires enumerating 12-digit hexadecimal container IDs.

Recommendations

Update to version 0.18.7 or later.
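
The missing check described above, sketched as an added example (not Beszel's code): a lookup that trusts a user-supplied system ID beside one that binds the ID to the caller first. The `store`, `System`, `lookupUnchecked` and `authorizeSystem` names and the sample ID are hypothetical; the hardened path returns the same error for unknown and unauthorized IDs so responses do not confirm which IDs exist.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// System is a hypothetical record: a monitored system and who may view it.
type System struct {
	ID    string
	Users map[string]bool
}

// ErrNotFound covers unknown IDs and IDs the caller may not see (no oracle).
var ErrNotFound = errors.New("system not found")

// The advisory describes system IDs as 15-character alphanumeric strings.
var systemIDRe = regexp.MustCompile(`^[A-Za-z0-9]{15}$`)
type store map[string]*System

// lookupUnchecked shows the flawed pattern: knowing the ID is enough.
func (s store) lookupUnchecked(_, systemID string) (*System, error) {
	if sys, ok := s[systemID]; ok {
		return sys, nil
	}
	return nil, ErrNotFound
}

// authorizeSystem binds the ID to the caller before returning the record.
func (s store) authorizeSystem(userID, systemID string) (*System, error) {
	if !systemIDRe.MatchString(systemID) {
		return nil, ErrNotFound
	}
	sys, ok := s[systemID]
	if !ok || !sys.Users[userID] {
		return nil, ErrNotFound
	}
	return sys, nil
}

func main() {
	id := "abc123def456ghi" // constructed sample ID
	db := store{id: {ID: id, Users: map[string]bool{"alice": true}}}
	for _, u := range []string{"alice", "bob"} {
		_, e1 := db.lookupUnchecked(u, id)
		_, e2 := db.authorizeSystem(u, id)
		fmt.Printf("%s unchecked=%v checked=%v\n", u, e1, e2)
	}
}
```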

Fix

Weakness Enumeration

Incomplete List of Disallowed Inputs

Related Identifiers

CVE-2026-40077
GHSA-5F5R-95PG-XRPM

Affected Products

Beszel