CVE-2026-29195

UNKNOWN 0.0

Netmaker: Privilege Escalation from Admin to Super-Admin via User Update

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the super-admin role. This issue has been patched in version 1.5.0.

CWE	CWE-863
Vendor	gravitl
Product	netmaker
Published	Mar 7, 2026
Last Updated	Mar 9, 2026

Stay Ahead of the Next One

Get instant alerts for gravitl netmaker

Be the first to know when new unknown vulnerabilities affecting gravitl netmaker are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

gravitl / netmaker

< 1.5.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/gravitl/netmaker/security/advisories/GHSA-ch3w-9456-38v3 github.com: https://github.com/gravitl/netmaker/releases/tag/v1.5.0