CVE-2026-38651 | Netmaker up to 1.4.x logic/jwts.go VerifyHostToken information disclosure

Inserito da Angelo Barbosa | Apr 28, 2026 | CVE

A vulnerability identified as problematic has been detected in Netmaker up to 1.4.x. Impacted is the function VerifyHostToken of the file logic/jwts.go. Performing a manipulation results in information disclosure.

This vulnerability is identified as CVE-2026-38651. The attack can only be performed from the local network. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-38651 | Netmaker up to 1.4.x logic/jwts.go VerifyHostToken information disclosure

Post correlati

CVE-2025-12121 | Lite XL up to 2.1.8 core.lua system.exec os command injection

CVE-2026-3580 | wolfSSL up to 5.8.x sp_256_get_entry_256_9 information exposure

CVE-2026-1868 | GitLab AI Gateway up to 18.6.1/18.7.0/18.8.0 Duo Workflow Service special elements used in a template engine

CVE-2023-47039 | Perl on Windows cmd.exe uncontrolled search path