Chisel

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2024-43798	Jpillora Chisel	Hig	0.49	8.6	0.00		Aug 26, 2024	Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented `AUTH` environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the…
CVE-2026-48113	Jpillora Chisel	hig	0.38	—	—		Jun 12, 2026	### Summary Authenticated chisel clients can bypass `--authfile` ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that…

CVE-2024-43798HigAug 26, 2024
Jpillora
Chisel
risk 0.49cvss 8.6epss 0.00
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented `AUTH` environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the…
CVE-2026-48113higJun 12, 2026
Jpillora
Chisel
risk 0.38cvss —epss —
### Summary Authenticated chisel clients can bypass `--authfile` ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that…