Back to search
CVE-2026-29196
Published: Mar 7, 2026
Modified: Mar 9, 2026
PUBLISHED
Description
Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/{network} or GET /api/nodes/{network}. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without filtering based on the requesting user's ownership. This issue has been patched in version 1.5.0.
| Vendor | Product | Versions |
|---|---|---|
gravitl | netmaker | affected < 1.5.0 |
Weaknesses (CWE)
References
https://github.com/gravitl/netmaker/security/advisories/GHSA-4hgg-c4rr-6h7f
x_refsource_CONFIRM
https://github.com/gravitl/netmaker/releases/tag/v1.5.0
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now