These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-29771 affects Netmaker versions before 1.2.0. According to the vendor advisory referenced by NVD, the /api/server/shutdown endpoint can terminate the Netmaker server process via syscall.SIGINT. An attacker can repeatedly invoke the endpoint and force cyclic downtime, with the service restarting on roughly 3-second intervals. NVD rates the issue 8.7 HIGH and maps it to CWE-404. The issue is patche [truncated]
CVE-2023-32079 is a high-severity privilege-escalation flaw in Netmaker. According to the CVE/NVD record and the vendor advisory, a mass assignment issue could let a non-admin user escalate to admin privileges in affected releases. The issue is patched in 0.17.1 and fixed in 0.18.6.
CVE-2023-32078 is an authorization flaw in Netmaker’s user update function. The issue is described as an insecure direct object reference (IDOR): by supplying another user’s username, an attacker could update that user’s password. NVD assigns a CVSS v3.1 score of 7.5 (HIGH) with network attack vector, no privileges required, and high integrity impact. The vulnerable ranges listed in the official record ar [truncated]
CVE-2023-32077 is a high-severity Netmaker vulnerability where hardcoded DNS key usage could let unauthenticated attackers interact with DNS API endpoints. The issue affects releases prior to 0.17.1 and 0.18.6, with the vendor and NVD pointing to patched commits and an advisory for remediation. Because the flaw is network-reachable and requires no credentials, it should be treated as a priority fix for an [truncated]
CVE-2022-23650 is a high-severity Netmaker server issue involving a hard-coded cryptographic key in the code base. Per the advisory, an attacker who knows the admin address and username could use that key to run admin commands on a remote server. The issue affects the Netmaker server component, not clients, and the vendor states there are no known workarounds. Fixed releases are listed as v0.8.5, v0.9.4, and v0.10.0.