{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-29771", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-04T16:26:02.897Z", "datePublished": "2026-03-07T15:14:38.361Z", "dateUpdated": "2026-03-09T18:27:17.865Z"}, "containers": {"cna": {"title": "Netmaker: Denial of Service via Server Shutdown Endpoint", "problemTypes": [{"descriptions": [{"cweId": "CWE-404", "lang": "en", "description": "CWE-404: Improper Resource Shutdown or Release", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/gravitl/netmaker/security/advisories/GHSA-rhr9-hgcm-x289", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-rhr9-hgcm-x289"}], "affected": [{"vendor": "gravitl", "product": "netmaker", "versions": [{"version": "< 1.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-07T15:14:38.361Z"}, "descriptions": [{"lang": "en", "value": "Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals. This issue has been patched in version 1.2.0."}], "source": {"advisory": "GHSA-rhr9-hgcm-x289", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T17:43:39.289015Z", "id": "CVE-2026-29771", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T18:27:17.865Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-29771", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T17:43:39.289015Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T17:43:40.430Z"}}], "cna": {"title": "Netmaker: Denial of Service via Server Shutdown Endpoint", "source": {"advisory": "GHSA-rhr9-hgcm-x289", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "gravitl", "product": "netmaker", "versions": [{"status": "affected", "version": "< 1.2.0"}]}], "references": [{"url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-rhr9-hgcm-x289", "name": "https://github.com/gravitl/netmaker/security/advisories/GHSA-rhr9-hgcm-x289", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals. This issue has been patched in version 1.2.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "CWE-404: Improper Resource Shutdown or Release"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-07T15:14:38.361Z"}}}, "cveMetadata": {"cveId": "CVE-2026-29771", "state": "PUBLISHED", "dateUpdated": "2026-03-09T18:27:17.865Z", "dateReserved": "2026-03-04T16:26:02.897Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-07T15:14:38.361Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C4A058D-7EB8-4629-A1EF-BC00DA2E7158", "versionEndExcluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals. This issue has been patched in version 1.2.0."}, {"lang": "es", "value": "Netmaker crea redes con WireGuard. Antes de la versi\u00f3n 1.2.0, el endpoint /API/servidor/shutdown permite la terminaci\u00f3n del proceso del servidor Netmaker a trav\u00e9s de syscall.SIGINT. Esto permite a cualquier usuario apagar repetidamente el servidor, causando una denegaci\u00f3n de servicio c\u00edclica con intervalos de reinicio de aproximadamente 3 segundos. Este problema ha sido parcheado en la versi\u00f3n 1.2.0."}], "id": "CVE-2026-29771", "lastModified": "2026-03-12T13:58:38.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-07T16:15:54.657", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-rhr9-hgcm-x289"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.2.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "netmaker", "source": "cna", "vendor": "gravitl"}, "product": "netmaker", "vendor": "gravitl"}], "analysis": {"en": {"generated_at": "2026-04-16T10:54:48.043702+00:00", "value": {"mitigation_remediation": ["Upgrade all Netmaker installations to version\u202f1.2.0 or later.", "Seal the /api/server/shutdown endpoint behind authentication or firewall rules to prevent unauthorized access if an upgrade is delayed.", "Monitor system logs for recurrent shutdown signals and verify that the server is not restarting unexpectedly."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected systems are installations of gravitl Netmaker older than version\u202f1.2.0. The vulnerability applies to all releases before the 1.2.0 patch, which was released to fix the shutdown endpoint behavior. All environments running those earlier builds are susceptible when the /api/server/shutdown endpoint is reachable.", "description_and_impact": "Netmaker, a platform that creates networks using WireGuard, contained a flaw that enabled any user to terminate the server by calling /api/server/shutdown. The endpoint triggered a SIGINT signal, causing the Netmaker server process to exit and automatically restart after a brief delay, inducing repeated downtime. The consequence is a denial of service that can be executed continually, disrupting network availability for all clients. The weakness is classified as a missing resource error (CWE\u2011404).", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high impact vulnerability. The EPSS score is below 1\u202f%, suggesting a low probability of exploitation at this time, and the issue is not listed in the KEV catalog. The likely attack vector is remote HTTP(S) requests to the shutdown endpoint; the description states that any user can trigger the flaw, so authentication, if present, may not be sufficient. An attacker who can reach the endpoint can repeatedly restart the server, leading to predictable 3\u2011second restart cycles that cause noticeable traffic disruption. However, the tool\u2019s default configuration may limit endpoint exposure, so the practical risk depends on the network visibility of the API."}}}}, "created": "2026-03-09T10:05:18.323296+00:00", "updated": "2026-04-16T11:00:10.651727+00:00", "vendors": ["gravitl", "gravitl$PRODUCT$netmaker"]}