Gravitl Netmaker
9 CVEs affecting Gravitl Netmaker. Latest disclosed: 2026-03-07. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-32079 | High | 8.8 | 2023-08-24 | Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escala… |
CVE-2022-36110 | High | 8.8 | 2022-09-09 | Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If… |
CVE-2023-32078 | High | 7.5 | 2023-08-24 | Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user u… |
CVE-2023-32077 | High | 7.5 | 2023-08-24 | Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to intera… |
CVE-2022-23650 | High | 7.2 | 2022-02-18 | Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cry… |
CVE-2026-29771 | Medium | 6.5 | 2026-03-07 | Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall… |
CVE-2026-29196 | | 2026-03-07 | Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard con… | |
CVE-2026-29195 | | 2026-03-07 | Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role u… | |
CVE-2026-29194 | | 2026-03-07 | Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permit… |