CVE-2026-29196

UNKNOWN 0.0

Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/{network} or GET /api/nodes/{network}. While the Netmaker UI restricts visibility, the API endpoints return full records, including private keys, without filtering based on the requesting user's ownership. This issue has been patched in version 1.5.0.

CWE	CWE-863
Vendor	gravitl
Product	netmaker
Published	Mar 7, 2026
Last Updated	Mar 9, 2026

Stay Ahead of the Next One

Get instant alerts for gravitl netmaker

Be the first to know when new unknown vulnerabilities affecting gravitl netmaker are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

gravitl / netmaker

< 1.5.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/gravitl/netmaker/security/advisories/GHSA-4hgg-c4rr-6h7f github.com: https://github.com/gravitl/netmaker/releases/tag/v1.5.0