QSearchQSearch

CVE-2022-36110

8.8 HIGH

Netmaker makes networks with WireGuard

Published: 2022-09-09 · Last updated: 2026-05-18

Severity and scoring

CVSS
8.8 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-1220, CWE-285

Affected products

VendorProduct
netmakernetmaker

Description

Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-38651 Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0 (8.2 HIGH)
  • CVE-2026-29771 Netmaker makes networks with WireGuard (6.5 MEDIUM)
  • CVE-2023-32079 Netmaker makes networks with WireGuard (8.8 HIGH)
  • CVE-2023-32078 Netmaker makes networks with WireGuard (7.5 HIGH)
  • CVE-2023-32077 Netmaker makes networks with WireGuard (7.5 HIGH)

Same CWE

  • CVE-2026-47342 A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue...
  • CVE-2026-46668 SpiceDB is an open source database system for creating and managing security-critical application permissions
  • CVE-2026-47298 Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network (8.0 HIGH)
  • CVE-2026-45503 Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network (8.1 HIGH)
  • CVE-2026-45490 Improper authorization in .NET allows an authorized attacker to elevate privileges locally (7.8 HIGH)