CVE-2022-0664

⛔ critical

🔍 Scan for this CVE

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.

CVSS Score

9.8

Critical

EPSS Score

0.3

Exploit Probability

Published Date

2022-02-18

First Seen: 2026-01-05

This CVE is Very High Risk - more severe than 90.5% of all 326,604 vulnerabilities in our database.

#31,067

Top 10% most severe

Severity Percentile

Last Modified 2026-05-18

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-321

📦 Affected Products 4

Vendor	Product	Status	Affected Versions
gravitl	netmaker	Affected	< 0.8.5
gravitl	netmaker	Affected	≥ 0.9.0 < 0.9.4
netmaker	netmaker	Affected	< 0.8.5
netmaker	netmaker	Affected	> 0.9.0 < 0.9.4

Patch Third Party Advisory

Exploit Patch Third Party Advisory

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-38651	⚠️ high	8.2	0.1	Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jw...	2026-04-28
CVE-2026-29194	⚠️ high	8.1	0.1	Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validat...	2026-03-07
CVE-2026-29771	🔶 medium	6.5	0.0	Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of ...	2026-03-07
CVE-2026-29195	🔶 medium	6.5	0.0	Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lack...	2026-03-07
CVE-2026-29196	🔶 medium	4.3	0.0	Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve Wire...	2026-03-07
CVE-2023-32077	⚠️ high	7.5	86.6	Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in N...	2023-08-24

These CVEs affect the same products