Which versions of Netmaker are affected by CVE-2026-29771?

Gravitl Netmaker versions prior to 1.2.0 contain an unauthenticated remote denial-of-service vulnerability allowing attackers to repeatedly crash the WireGuard overlay network service, disrupting…. A patch is available.

How to fix or mitigate CVE-2026-29771?

24 hours: Identify all Netmaker deployments and document instances running versions prior to 1.2.0. 7 days: Apply vendor patch by upgrading all affected instances to Gravitl Netmaker 1.2.0 or later. 30 days: Review service logs to detect any exploitation attempts and confirm patch deployment across all systems.

Netmaker CVE-2026-29771

Q: What is the CVSS score of CVE-2026-29771?

CVE-2026-29771 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

HIGH

Improper Resource Shutdown or Release (CWE-404)

2026-03-07 security-advisories@github.com

GHSA-rhr9-hgcm-x289

Denial Of Service Netmaker

8.7

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.7 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

SUSE

6.5 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 18, 2026 - 16:58 vuln.today

Analysis Updated

May 18, 2026 - 16:58 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 18, 2026 - 16:52 vuln.today

cvss_changed

Severity Changed

May 18, 2026 - 16:52 NVD

MEDIUM HIGH

CVSS changed

May 18, 2026 - 16:52 NVD

6.5 (MEDIUM) 8.7 (HIGH)

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 07, 2026 - 16:15 nvd

MEDIUM 6.5

DescriptionGitHub Advisory

Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals. This issue has been patched in version 1.2.0.

AnalysisAI

Denial of service in Gravitl Netmaker prior to 1.2.0 allows any remote unauthenticated attacker to terminate the server process by calling the unprotected /api/server/shutdown endpoint, which issues a SIGINT to the running process. Because the service restarts in roughly three seconds, attackers can loop the request to sustain a cyclic outage of the WireGuard-based overlay network. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Identify exposed Netmaker API

Delivery

Send request to /api/server/shutdown

Exploit

Server process receives SIGINT and terminates

Execution

Loop request during ~3s restart window

Impact

Sustained control-plane outage for WireGuard mesh

Access

Identify exposed Netmaker API

Delivery

Send request to /api/server/shutdown

Exploit

Server process receives SIGINT and terminates

Execution

Loop request during ~3s restart window

Impact

Sustained control-plane outage for WireGuard mesh

Vulnerability AssessmentAI

Exploitation	The attacker needs network reachability to the Netmaker HTTP API (typically TCP port 8081 or whatever the operator exposes) and the ability to send a request to the /api/server/shutdown endpoint of a Netmaker instance running a version below 1.2.0. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker who discovers an internet-exposed Netmaker instance (e.g., via Shodan or asset scanning) sends a simple HTTP request to /api/server/shutdown, terminating the server. Scripting this request in a loop produces a sustained outage with roughly three-second restart cycles, disrupting WireGuard peer configuration and management across the entire mesh. …
Remediation	Vendor-released patch: upgrade Netmaker to version 1.2.0 or later, per the GHSA-rhr9-hgcm-x289 advisory (https://github.com/gravitl/netmaker/security/advisories/GHSA-rhr9-hgcm-x289); SUSE users should apply SUSE-SU-2026:1042 from https://www.suse.com/support/update/SUSE-SU-2026:1042/. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all Netmaker deployments and document instances running versions prior to 1.2.0. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Medium

CVE-2026-29771 vulnerability details – vuln.today

Back

Netmaker CVE-2026-29771

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code