6.9
Netmaker allows admin users to elevate their own permissions
CVE-2026-29195
GHSA-ch3w-9456-38v3
Summary
Before version 1.5.0, an admin user could accidentally or intentionally give themselves the super-admin role. This could lead to unauthorized access to sensitive features and settings. To fix this, update to version 1.5.0 or later.
What to do
- Update github.com/gravitl/netmaker to version 1.5.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github.com | gravitl | <= 1.5.0 | 1.5.0 |
| gravitl | github.com/gravitl/netmaker | <= 1.5.0 | 1.5.0 |
| gravitl | netmaker | <= 1.5.0 | – |
Original title
Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin rol...
Original description
Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the super-admin role. This issue has been patched in version 1.5.0.
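The missing check described above, as an added Go sketch that is not Netmaker's code: `checkBefore` models a role guard that covers only the admin role, and `checkAfter` compares role ranks so that no role at or above the caller's can be granted. The function names, the `user` role and the rank values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// "admin" and "super-admin" are the roles named in the advisory; "user" and
// the numeric ranks are assumptions made for this sketch.
var rank = map[string]int{"user": 1, "admin": 2, "super-admin": 3}

var ErrForbidden = errors.New("role change not permitted")

// checkBefore models the flaw as described: only the "admin" target role is
// guarded, so a request that sets "super-admin" falls through.
func checkBefore(callerRole, currentRole, requestedRole string) error {
	if callerRole == "admin" && requestedRole == "admin" && currentRole != "admin" {
		return ErrForbidden
	}
	return nil
}

// checkAfter denies by default: a role change is allowed only when both the
// account's current role and the requested role rank below the caller's.
func checkAfter(callerRole, currentRole, requestedRole string) error {
	if requestedRole == currentRole {
		return nil // role untouched, nothing to authorize here
	}
	caller, ok1 := rank[callerRole]
	current, ok2 := rank[currentRole]
	requested, ok3 := rank[requestedRole]
	if !ok1 || !ok2 || !ok3 {
		return ErrForbidden // unknown role strings are rejected, not ignored
	}
	if requested >= caller || current >= caller {
		return ErrForbidden
	}
	return nil
}

func main() {
	// Constructed request: an admin updates their own account to super-admin.
	fmt.Println("before:", checkBefore("admin", "admin", "super-admin"))
	fmt.Println("after: ", checkAfter("admin", "admin", "super-admin"))
}
```

Comparing ranks instead of listing forbidden role names means a role added later is denied until the table says otherwise.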
NVD CVSS 4.0
6.9
Vulnerability type
CWE-863
Incorrect Authorization
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026