VYPR
High severityNVD Advisory· Published Feb 6, 2026· Updated Feb 9, 2026

Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability

CVE-2026-25793

Description

Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. This issue has been patched in version 1.10.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/slackhq/nebulaGo
>= 1.7.0, < 1.10.31.10.3

Affected products

15

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.