VYPR
← All vendors
Vendor

Nebula

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2026-47724criJun 8, 2026
    Nebula
    Nebula
    risk 0.52cvss epss

    The `/api/v1/*` route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at `internal/api/hosts.go:384`: *"API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer."* The Web UI…

  • CVE-2026-47726higJun 8, 2026
    Nebula
    Nebula
    risk 0.38cvss epss

    `internal/api/audit.go:12` — `handleGetAuditLog` does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via `store.ListAuditEntries` (up to limit=1000). This includes cross-tenant actor names, host/CA/operator IDs, action…

  • CVE-2026-47722higJun 8, 2026
    Nebula
    Nebula
    risk 0.38cvss epss

    `internal/configgen/generator.go:86,108,119` interpolates the operator-supplied `ListenHost` and `TunDevice` fields raw into a `text/template` that produces the agent's `config.yml`. `internal/web/advanced.go:20-35` accepts both with only `strings.TrimSpace` — no character or…