Go modules package
github.com/slackhq/nebula
pkg:golang/github.com/slackhq/nebula
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25793 | — | >= 1.7.0, < 1.10.3 | 1.10.3 | Feb 6, 2026 | Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability | ||
| CVE-2025-62820 | Med | 4.9 | >= 1.9.4, < 1.9.7 | 1.9.7 | Oct 23, 2025 | Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network. |
- CVE-2026-25793Feb 6, 2026affected >= 1.7.0, < 1.10.3fixed 1.10.3
Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability
- affected >= 1.9.4, < 1.9.7fixed 1.9.7
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.