PatchSiren

CVE-2026-29771 Netmaker CVE debrief

CVE-2026-29771 affects Netmaker versions before 1.2.0. According to the vendor advisory referenced by NVD, the /api/server/shutdown endpoint can terminate the Netmaker server process via syscall.SIGINT. An attacker can repeatedly invoke the endpoint and force cyclic downtime, with the service restarting on roughly 3-second intervals. NVD rates the issue 8.7 HIGH and maps it to CWE-404. The issue is patched in Netmaker 1.2.0.

Vendor: Netmaker
Product: Unknown
CVSS: HIGH 8.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-07
Original CVE updated: 2026-05-18
Advisory published: 2026-03-07
Advisory updated: 2026-05-18

Who should care

Netmaker operators and administrators running versions earlier than 1.2.0 should treat this as a high-priority availability issue, especially if the Netmaker API is reachable by untrusted users or broadly exposed within internal networks.

Technical summary

The vulnerability is a server-side shutdown control issue in Netmaker’s /api/server/shutdown endpoint. Per the NVD record and linked vendor advisory, the endpoint can send syscall.SIGINT to the Netmaker server process, so repeated termination requests create a cyclic denial of service. The weakness is classified as CWE-404 and affects cpe:2.3:a:netmaker:netmaker versions prior to 1.2.0. The published CVSS v4 vector indicates a network-reachable issue that requires no authentication, with high availability impact and no integrity or confidentiality impact.

Defensive priority

High. This is an externally reachable availability flaw that can repeatedly interrupt service until the fix is applied or access is constrained.

Recommended defensive actions

  • Upgrade Netmaker to version 1.2.0 or later.
  • Restrict access to the Netmaker API and any shutdown-related endpoints to trusted administrators only.
  • Review deployment controls, authentication, and network exposure around the Netmaker server API.
  • Monitor for repeated server restarts or unexpected SIGINT-driven shutdown behavior.
  • If immediate upgrading is not possible, apply compensating network controls to block untrusted access to the affected endpoint.
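
The monitoring action above can be sketched as a log check. This is an added example, not code from Netmaker or the advisory: it flags clients that request the shutdown endpoint in a tight cycle. The "<ISO time> <client> <path>" log format, the sample lines, and the thresholds are assumptions constructed for illustration; adapt the parser to your proxy or API gateway log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SHUTDOWN_PATH = "/api/server/shutdown"  # endpoint named in the advisory

# Constructed sample lines in an assumed "<ISO time> <client> <path>" format.
SAMPLE_LOG = """\
2026-03-08T10:00:00Z 198.51.100.7 /api/server/shutdown
2026-03-08T10:00:03Z 198.51.100.7 /api/server/shutdown
2026-03-08T10:00:06Z 198.51.100.7 /api/server/shutdown
2026-03-08T10:00:09Z 198.51.100.7 /api/server/shutdown
2026-03-08T10:00:10Z 192.0.2.10 /api/networks
2026-03-08T11:30:00Z 192.0.2.10 /api/server/shutdown
malformed line
"""

def parse(line):
    """Return (timestamp, client, normalized path), or None if unparseable."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    # Drop any query string and trailing slash before comparing paths.
    return ts, parts[1], parts[2].split("?")[0].rstrip("/")

def find_shutdown_cycles(log_text, min_hits=3, max_gap=timedelta(seconds=10)):
    """Map client -> longest run of shutdown requests spaced <= max_gap apart,
    for clients whose longest run reaches min_hits (assumed thresholds)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and rec[2] == SHUTDOWN_PATH:
            hits[rec[1]].append(rec[0])
    alerts = {}
    for client, times in hits.items():
        times.sort()
        run = best = 1
        for prev, cur in zip(times, times[1:]):
            run = run + 1 if cur - prev <= max_gap else 1
            best = max(best, run)
        if best >= min_hits:
            alerts[client] = best
    return alerts

if __name__ == "__main__":
    for client, count in find_shutdown_cycles(SAMPLE_LOG).items():
        print(f"ALERT {client}: {count} shutdown requests in a tight cycle")
```

The 10-second gap is chosen to sit above the roughly 3-second restart interval described in the advisory, so a client that re-requests shutdown after each restart stays inside one run.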

Evidence notes

All material facts are taken from the supplied NVD record and its referenced GitHub Security Advisory. The source states that versions before 1.2.0 are vulnerable, that /api/server/shutdown can terminate the server via syscall.SIGINT, and that repeated requests can cause cyclic denial of service with approximately 3-second restart intervals. The NVD record lists the issue as analyzed, with a CVSS 4.0 vector indicating that no privileges or user interaction are required and that availability impact is high.

Official resources

CVE published 2026-03-07T16:15:54.657Z and last modified 2026-05-18T16:44:17.500Z. Use the published date for disclosure timing context; the later modification date reflects record updates, not the original issue date.