CVE-2024-41260

Published: Aug 1, 2024

Modified: Dec 15, 2025

PUBLISHED

Description

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/nyxfqq/92232108ac153e95d538bb17fc5ad636

https://github.com/netbirdio/netbird/pull/2569

https://github.com/github/advisory-database/pull/5714

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-41260

Description

Affected Products

References