NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-38651

Summary	Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key and use it to impersonate any host in the network, gaining access to sensitive information
Publication Date	April 29, 2026, 1:16 a.m.
Registration Date	April 29, 2026, 4:08 a.m.
Last Update	April 29, 2026, 1:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/gravitl/netmaker/commit/5309aa70d464ef565911369714d661a61481a79b	cve@mitre.org
2	https://www.zyenra.com/advisories/netmaker-jwt-verification-bypass	cve@mitre.org
3	https://www.zyenra.com/blog/netmaker-jwt-verification-bypass	cve@mitre.org

Common Vulnerabilities List