Auth bypass in Signalk Signalk-server
CVE-2026-33951
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorit…
EPSS: 0.001 (27.5th percentile)
Affected products
- Signalk Signalk-server — versions < 2.24.0-beta.1
Weakness classification (CWE)
References
- https://github.com/SignalK/signalk-server/security/advisories/GHSA-gfmv-vh34-h2x5 (x_refsource_CONFIRM)
- https://github.com/SignalK/signalk-server/releases/tag/v2.24.0-beta.1 (x_refsource_MISC)