{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25793", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-05T19:58:01.640Z", "datePublished": "2026-02-06T22:55:36.011Z", "dateUpdated": "2026-02-09T15:25:50.582Z"}, "containers": {"cna": {"title": "Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability", "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/slackhq/nebula/security/advisories/GHSA-69x3-g4r3-p962", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/slackhq/nebula/security/advisories/GHSA-69x3-g4r3-p962"}, {"name": "https://github.com/slackhq/nebula/commit/f573e8a26695278f9d71587390fbfe0d0933aa21", "tags": ["x_refsource_MISC"], "url": "https://github.com/slackhq/nebula/commit/f573e8a26695278f9d71587390fbfe0d0933aa21"}], "affected": [{"vendor": "slackhq", "product": "nebula", "versions": [{"version": ">= 1.7.0, < 1.10.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T22:55:36.011Z"}, "descriptions": [{"lang": "en", "value": "Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. This issue has been patched in version 1.10.3."}], "source": {"advisory": "GHSA-69x3-g4r3-p962", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T15:19:12.820151Z", "id": "CVE-2026-25793", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:25:50.582Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25793", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T15:19:12.820151Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:19:13.630Z"}}], "cna": {"title": "Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability", "source": {"advisory": "GHSA-69x3-g4r3-p962", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "slackhq", "product": "nebula", "versions": [{"status": "affected", "version": ">= 1.7.0, < 1.10.3"}]}], "references": [{"url": "https://github.com/slackhq/nebula/security/advisories/GHSA-69x3-g4r3-p962", "name": "https://github.com/slackhq/nebula/security/advisories/GHSA-69x3-g4r3-p962", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/slackhq/nebula/commit/f573e8a26695278f9d71587390fbfe0d0933aa21", "name": "https://github.com/slackhq/nebula/commit/f573e8a26695278f9d71587390fbfe0d0933aa21", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. This issue has been patched in version 1.10.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T22:55:36.011Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25793", "state": "PUBLISHED", "dateUpdated": "2026-02-09T15:25:50.582Z", "dateReserved": "2026-02-05T19:58:01.640Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-06T22:55:36.011Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:slack:nebula:*:*:*:*:*:*:*:*", "matchCriteriaId": "95C8E184-A4E9-4558-8824-D89590D62C4C", "versionEndExcluding": "1.10.3", "versionStartIncluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. This issue has been patched in version 1.10.3."}], "id": "CVE-2026-25793", "lastModified": "2026-02-18T17:47:38.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-06T23:15:54.830", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/slackhq/nebula/commit/f573e8a26695278f9d71587390fbfe0d0933aa21"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/slackhq/nebula/security/advisories/GHSA-69x3-g4r3-p962"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "nebula: Nebula: Blocklist evasion via ECDSA Signature Malleability", "id": "2437914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437914"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-347", "details": ["Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. This issue has been patched in version 1.10.3."], "mitigation": {"lang": "en:us", "value": "Avoid configuring Nebula to use P256 certificates. This vulnerability is only exploitable when P256 certificates are explicitly enabled, as they are not the default configuration. Ensure Nebula deployments utilize default or other non-P256 certificate types to prevent blocklist evasion."}, "name": "CVE-2026-25793", "public_date": "2026-02-06T22:55:36Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-25793\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25793\nhttps://github.com/slackhq/nebula/commit/f573e8a26695278f9d71587390fbfe0d0933aa21\nhttps://github.com/slackhq/nebula/security/advisories/GHSA-69x3-g4r3-p962"], "statement": "While the flaw is rated as Important, please keep in mind that there are several preconditions that must be true for a customer to be impacted:\n1. They must be used CURVE_P256 certificates (which are not the default).\n2. They must have one or more entries on their blocklist.\n3. The certificates of those blocklisted entries must be signed by a trusted CA and not expired.\n4. An attacker must have a copy of the private key and corresponding certificate for one of those blocklist entries.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-18T13:25:37.166946+00:00", "value": {"mitigation_remediation": ["Upgrade Nebula to version 1.10.3 or later to receive the fix for certificate signature malleability.", "If immediate upgrade is not possible, disable the use of P256 certificates or enforce the default ECDSA certificate configuration to eliminate the malicious signature path.", "Reconfigure blocklisting to verify certificate signatures in addition to fingerprints, ensuring that a modified certificate cannot be accepted without proper signature validation."], "summary": {"action": "Patch", "impact": "Blocklist Bypass via ECDSA Signature Malleability allows an attacker to evade a blocked certificate and gain unauthorized network access"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Slack\u2019s Nebula overlay networking tool, specifically versions 1.7.0 through 1.10.2 when configured to use P256 certificates, which is not the default setup. Systems running these versions with P256 enabled are susceptible, while newer releases past 1.10.2 have addressed the flaw.", "description_and_impact": "Nebula releases from 1.7.0 to 1.10.2 that use P256 certificates expose a flaw wherein the ECDSA signature can be modified to create a certificate copy with a different fingerprint. The blocklist mechanism relies on this fingerprint to block malicious or revoked nodes, but the malleability allows an attacker to transform a blocked certificate into an accepted one, effectively bypassing the blocklist. This bypass can lead to unauthorized connectivity and potential lateral movement within the overlay network. The weakness is tied to CWE-347, a signature malleability issue.", "risk_and_exploitability": "Based on the description, it is inferred that the attack vector requires an attacker capable of manipulating the ECDSA signature used to validate P256 certificates or controlling the process that signs certificates for the Nebula network. The likely attack vector is exposure of the certificate signing authority or exploitation of a misconfigured certificate distribution mechanism. The CVSS score of 7.6 indicates a high severity, but the EPSS score of less than 1% suggests that exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to control the P256 certificate signing process or have the capability to alter signatures, which could arise in environments where certificate management is compromised or insecure. Once exploited, the attacker can join the Nebula network and bypass security controls tied to the blocklist, gaining full network access to peers and services that rely on Nebula for connectivity."}}}}, "created": "2026-02-09T10:45:10.265163+00:00", "updated": "2026-04-18T13:30:45.747008+00:00", "vendors": ["slack", "slack$PRODUCT$nebula"]}