HIGH🇵🇱 Wersja polska

CVE-2026-29771

CVSS 8.7v4.0pub. 2026-03-07upd. 2026-05-18

Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals. This issue has been patched in version 1.2.0.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Netmaker

    APP
    Netmaker
    < 1.2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2022-0664CRITICAL9.8ten sam produkt

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.

CVE-2026-38651HIGH8.2ten sam produkt

Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function i...

CVE-2023-32077HIGH7.5ten sam produkt

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been ...

CVE-2023-32078HIGH7.5ten sam produkt

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in ...

CVE-2023-32079HIGH8.8ten sam produkt

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 ...