CVE-2026-29195
- Source
- https://cve.org/CVERecord?id=CVE-2026-29195
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-29195.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-29195
- Aliases
- Downstream
- Related
- Published
- 2026-03-07T16:14:06.196Z
- Modified
- 2026-04-10T05:41:36.856979Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Netmaker: Privilege Escalation from Admin to Super-Admin via User Update
- Details
-
Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the super-admin role. This issue has been patched in version 1.5.0.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-863" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/29xxx/CVE-2026-29195.json" }- References
Affected packages
Git / github.com/gravitl/netmaker
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gravitl/netmaker
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.7
v0.*
v0.1
v0.10.0
v0.11.0
v0.11.1-testing
v0.11.1_testing
v0.12.0
v0.13.5-testing
v0.14.1
v0.14.1-testing
v0.14.2
v0.14.3
v0.14.4
v0.14.5
v0.14.6
v0.15.1
v0.15.2
v0.16.0
v0.16.1
v0.16.2
v0.17.0
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.18.4
v0.18.6
v0.18.7
v0.19.0
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.20.4
v0.20.5
v0.20.6
v0.21.0
v0.21.1
v0.21.2
v0.22.0
v0.23.0
v0.24.0
v0.24.1
v0.24.2
v0.24.3
v0.25.0
v0.26.0
v0.3
v0.30.0
v0.5
v0.7
v0.7.1
v0.8.0
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.90.0
v0.99.0
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.4.0