CVE-2026-29194

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication (hostAllowed=true), a valid host token bypasses all subsequent authorization checks without verifying that the host is authorized to access the specific requested resource. Any entity possessing knowledge of object identifiers (node IDs, host IDs) can craft a request with an arbitrary valid host token to access, modify, or delete resources belonging to other hosts. Affected endpoints include node info retrieval, host deletion, MQTT signal transmission, fallback host updates, and failover operations. This issue has been patched in version 1.5.0.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/gravitl/netmaker/releases/tag/v1.5.0	Product Release Notes
https://github.com/gravitl/netmaker/security/advisories/GHSA-hmqr-wjmj-376c	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-07 16:15

Updated : 2026-03-11 16:46

NVD link : CVE-2026-29194

Mitre link : CVE-2026-29194

CVE.ORG link : CVE-2026-29194

JSON object : View

Products Affected

gravitl

netmaker

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2026-29194", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-07T16:15:54.507", "references": [{"url": "https://github.com/gravitl/netmaker/releases/tag/v1.5.0", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-hmqr-wjmj-376c", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication (hostAllowed=true), a valid host token bypasses all subsequent authorization checks without verifying that the host is authorized to access the specific requested resource. Any entity possessing knowledge of object identifiers (node IDs, host IDs) can craft a request with an arbitrary valid host token to access, modify, or delete resources belonging to other hosts. Affected endpoints include node info retrieval, host deletion, MQTT signal transmission, fallback host updates, and failover operations. This issue has been patched in version 1.5.0."}, {"lang": "es", "value": "Netmaker crea redes con WireGuard. Antes de la versi\u00f3n 1.5.0, el middleware Authorize en Netmaker valida incorrectamente los tokens JWT de host. Cuando una ruta permite la autenticaci\u00f3n de host (hostAllowed=true), un token de host v\u00e1lido omite todas las comprobaciones de autorizaci\u00f3n posteriores sin verificar que el host est\u00e1 autorizado para acceder al recurso espec\u00edfico solicitado. Cualquier entidad que posea conocimiento de identificadores de objeto (IDs de nodo, IDs de host) puede elaborar una solicitud con un token de host v\u00e1lido arbitrario para acceder, modificar o eliminar recursos pertenecientes a otros hosts. Los endpoints afectados incluyen la recuperaci\u00f3n de informaci\u00f3n de nodo, la eliminaci\u00f3n de host, la transmisi\u00f3n de se\u00f1al MQTT, las actualizaciones de host de respaldo y las operaciones de conmutaci\u00f3n por error. Este problema ha sido parcheado en la versi\u00f3n 1.5.0."}], "lastModified": "2026-03-11T16:46:09.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BC0009A-5594-47A8-AB15-257A6742197D", "versionEndExcluding": "1.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}