HIGH
tale
CVE published 2026-06-08
CVE-2026-46484
A path traversal and authorization bypass vulnerability was discovered in Headplane, a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, the Headscale API client used by node and user rename operations was vulnerable. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3.