CVEFinder.io

CVE-2022-36110

⚠️ high
🔍 Scan for this CVE
Summary

Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.

CVSS Score
8.8
High
EPSS Score
0.3
Exploit Probability
Published Date
2022-09-09
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 81.1% of all 326,604 vulnerabilities in our database.

#61,754
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Apr 23, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-18
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-285 CWE-1220

📦 Affected Products 2

Vendor Product Status Affected Versions
gravitl netmaker Affected
< 0.15.1
netmaker netmaker Affected
< 0.15.1

🔗 References 2

https://github.com/gravitl/netmaker/releases/tag/v0....
Third Party Advisory
https://github.com/gravitl/netmaker/security/advisor...
Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-38651 ⚠️ high 8.2 0.1 Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jw... 2026-04-28
CVE-2026-29194 ⚠️ high 8.1 0.1 Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validat... 2026-03-07
CVE-2026-29771 🔶 medium 6.5 0.0 Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of ... 2026-03-07
CVE-2026-29195 🔶 medium 6.5 0.0 Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler (PUT /api/users/{username}) lack... 2026-03-07
CVE-2026-29196 🔶 medium 4.3 0.0 Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve Wire... 2026-03-07
CVE-2023-32077 ⚠️ high 7.5 86.6 Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in N... 2023-08-24
These CVEs affect the same products