VYPR

Go modules package

github.com/shellhub-io/shellhub

pkg:golang/github.com/shellhub-io/shellhub

Vulnerabilities (4)

  • CVE-2026-44426MedMay 13, 2026
    affected < 0.24.2fixed 0.24.2

    ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list (user IDs, e-mails, roles), settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of th

  • CVE-2026-44425MedMay 13, 2026
    affected < 0.24.2fixed 0.24.2

    ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sort_by query parameter, which are then passed directly as BSON/

  • CVE-2026-44424MedMay 13, 2026
    affected < 0.24.2fixed 0.24.2

    ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace (tenant). Any authenticated user (JWT or API Key) who knows or ca

  • CVE-2026-44423MedMay 13, 2026
    affected < 0.24.2fixed 0.24.2

    ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records (SSH username, device UID, remote IP, terminal type,