{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29195", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-04T14:44:00.715Z", "datePublished": "2026-03-07T16:14:06.196Z", "dateUpdated": "2026-03-09T18:25:40.804Z"}, "containers": {"cna": {"title": "Netmaker: Privilege Escalation from Admin to Super-Admin via User Update", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/gravitl/netmaker/security/advisories/GHSA-ch3w-9456-38v3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-ch3w-9456-38v3"}, {"name": "https://github.com/gravitl/netmaker/releases/tag/v1.5.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/gravitl/netmaker/releases/tag/v1.5.0"}], "affected": [{"vendor": "gravitl", "product": "netmaker", "versions": [{"version": "< 1.5.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-07T16:14:06.196Z"}, "descriptions": [{"lang": "en", "value": "Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the super-admin role. This issue has been patched in version 1.5.0."}], "source": {"advisory": "GHSA-ch3w-9456-38v3", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T17:38:52.590165Z", "id": "CVE-2026-29195", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T18:25:40.804Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29195", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T17:38:52.590165Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T17:38:54.242Z"}}], "cna": {"title": "Netmaker: Privilege Escalation from Admin to Super-Admin via User Update", "source": {"advisory": "GHSA-ch3w-9456-38v3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "gravitl", "product": "netmaker", "versions": [{"status": "affected", "version": "< 1.5.0"}]}], "references": [{"url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-ch3w-9456-38v3", "name": "https://github.com/gravitl/netmaker/security/advisories/GHSA-ch3w-9456-38v3", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/gravitl/netmaker/releases/tag/v1.5.0", "name": "https://github.com/gravitl/netmaker/releases/tag/v1.5.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the super-admin role. This issue has been patched in version 1.5.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-07T16:14:06.196Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29195", "state": "PUBLISHED", "dateUpdated": "2026-03-09T18:25:40.804Z", "dateReserved": "2026-03-04T14:44:00.715Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-07T16:14:06.196Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BC0009A-5594-47A8-AB15-257A6742197D", "versionEndExcluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the super-admin role. This issue has been patched in version 1.5.0."}, {"lang": "es", "value": "Netmaker crea redes con WireGuard. Antes de la versi\u00f3n 1.5.0, el gestor de actualizaci\u00f3n de usuarios (PUT /api/users/{username}) carece de validaci\u00f3n para evitar que un usuario con rol de administrador asigne el rol de superadministrador durante las actualizaciones de cuenta. Si bien el c\u00f3digo bloquea correctamente que un administrador asigne el rol de administrador a otro usuario, no incluye una verificaci\u00f3n equivalente para el rol de superadministrador. Este problema ha sido parcheado en la versi\u00f3n 1.5.0."}], "id": "CVE-2026-29195", "lastModified": "2026-03-12T13:57:57.343", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-07T17:15:51.843", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/gravitl/netmaker/releases/tag/v1.5.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-ch3w-9456-38v3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.5.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "netmaker", "source": "cna", "vendor": "gravitl"}, "product": "netmaker", "vendor": "gravitl"}], "analysis": {"en": {"generated_at": "2026-04-16T10:49:52.239725+00:00", "value": {"mitigation_remediation": ["Upgrade Netmaker to version 1.5.0 or newer, which implements the proper role validation check.", "Audit existing user accounts to identify and revoke any super\u2011admin roles that were incorrectly granted by an admin before the patch.", "Configure the user update API so that only users with super\u2011admin status can modify role assignments, applying additional role\u2011based access control or middleware to enforce this rule."], "summary": {"action": "Patch Immediately", "impact": "Privilege Escalation to Super-Admin"}, "threat_synthesis": {"affected_systems": "The flaw exists in all deployments of gravitl:netmaker that are running versions earlier than 1.5.0. Administrators operating these installations are at risk if their API token or web session is compromised or if they use weak authentication for the API.", "description_and_impact": "The Netmaker API endpoint for updating user accounts contains a missing authorization check that allows an administrator to elevate their privileges to super\u2011admin. When a user with the admin role sends a request to the user update handler and sets the role field to super\u2011admin, the server accepts the change because the code only prevents admins from giving other users the admin role. The result is that a regular admin can obtain full control over the entire Netmaker platform, including network configuration, user management, and deployment of WireGuard nodes, effectively bypassing the intended role hierarchy.", "risk_and_exploitability": "The vulnerability has a CVSS score of 6.9, indicating moderate severity. The EPSS score is less than 1%, suggesting a low probability of exploitation in the wild, and it is not currently listed in the CISA KEV catalog. However, the attack vector is straightforward: an attacker who can authenticate as an admin and issue an HTTPS request to the update endpoint can supply a super\u2011admin role value. Because the API uses bearer tokens, credential compromise or social engineering can provide the necessary access. The lack of an additional role\u2011check allows the privilege escalation without any other prerequisites."}}}}, "created": "2026-03-09T10:05:02.212986+00:00", "updated": "2026-04-16T11:00:10.636874+00:00", "vendors": ["gravitl", "gravitl$PRODUCT$netmaker"]}