Skip to main content

WireGuard Easy CVE-2026-63089

| EUVDEUVD-2026-45013 CRITICAL
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
2026-07-16 VulnCheck GHSA-m894-wgpg-hwpv
9.0
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.0 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Unauthenticated network (PR:N/AV:N) but requires racing an active OTL window (AC:H); scope changes to the VPN network (S:C), high confidentiality from key recovery (C:H), low integrity from peer impersonation (I:L).

3.1 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
Jul 16, 2026 - 20:17 vuln.today
Analysis Generated
Jul 16, 2026 - 20:17 vuln.today
CVE Published
Jul 16, 2026 - 19:28 cve.org
CRITICAL 9.0

DescriptionCVE.org

WireGuard Easy through 15.3.0, fixed in commit 66b292b, contains a cryptographically weak one-time link token generation vulnerability that allows unauthenticated network attackers to recover WireGuard peer credentials by brute-forcing a keyspace of at most 1000 candidate tokens per client ID, as the token is computed using CRC32 over a random value constrained to 0-999. Attackers can enumerate candidate tokens against the unauthenticated /cnf/:oneTimeLink route, which lacks rate limiting and does not validate token expiration, to obtain a peer's PrivateKey and PresharedKey and impersonate that peer on the VPN network.

AnalysisAI

Peer credential disclosure in WireGuard Easy (wg-easy) through 15.3.0 lets unauthenticated network attackers recover a client's WireGuard PrivateKey and PresharedKey by brute-forcing the one-time configuration link. Because the OTL token is derived from CRC32 over a random value bounded to 0-999, an attacker faces at most 1000 candidate tokens per client ID against the unauthenticated /cnf/:oneTimeLink route, which had no rate limiting and did not enforce token expiration. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach unauthenticated /cnf OTL route
Delivery
Enumerate ≤1000 CRC32 candidate tokens
Exploit
Redeem valid token, no rate limit
Execution
Download peer config file
Persist
Extract PrivateKey and PresharedKey
Impact
Impersonate peer on VPN network

Vulnerability AssessmentAI

Exploitation Exploitation requires an active/outstanding one-time link (OTL) for a target client to exist and network reachability to the wg-easy /cnf/:oneTimeLink route; the attacker needs no credentials (PR:N) and no user interaction. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a genuine high-priority issue rather than a high-CVSS paper tiger, but with an important precondition. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An admin generates a one-time link to hand a WireGuard config to a new user. An unauthenticated attacker who can reach the wg-easy web interface enumerates all ≤1000 candidate CRC32 tokens for a client ID against /cnf/:oneTimeLink with no rate limiting, retrieves the config, and extracts the peer's PrivateKey and PresharedKey. …
Remediation Upstream fix available (PR/commit); released patched version not independently confirmed - update wg-easy to a build that includes commit 66b292b (PR #2661) via https://github.com/wg-easy/wg-easy/commit/66b292b11bde3664f05ffb016c8082665d261ded, which adds server-side expiration enforcement on the /cnf/:oneTimeLink route (rejecting expired links with HTTP 410) and hardens session handling. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all wg-easy deployments running version 15.3.0 or earlier and assess exposure to untrusted networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-63089 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy