Vuln
·
Scope
Home
Packages
KEV
Critical
Insights
Jobs
Pricing
EN
中
Loading…
Go/github.com/juev/nebula-mesh — 8 CVEs · VulnScope
pkg:Go/
github.com/juev/nebula-mesh
8 total CVEs
CRITICAL
1
MEDIUM
1
✅ Check your installed version
Check
All known vulnerabilities
CRITICAL
9.9
CVE-2026-47724
nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privilege escalation
from 0, < 0.3.4
MEDIUM
5.5
CVE-2026-47768
nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)
from 0, < 0.3.2
—
CVE-2026-48058
nebula-mesh: Session and OIDC state cookies lack the Secure attribute
from 0, < 0.3.2
—
nebula-mesh: Decrypted CA private key persists in heap after signing
from 0, < 0.3.7
—
nebula-mesh: GET /api/v1/audit-log discloses all entries to any operator
from 0, < 0.3.2
—
nebula-mesh's web UI lacks CSRF tokens on /ui/* mutating endpoints
from 0, < 0.3.3
—
nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.)
from 0, < 0.3.1
—
nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml
from 0, < 0.3.2
CVE-2026-48025
CVE-2026-47726
CVE-2026-47725
CVE-2026-47723
CVE-2026-47722