Skip to main content

Warpgate

6 CVEs product

Monthly

CVE-2026-44347 MEDIUM This Month

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on the attacker's account (such as writing sensitive data to the attacker's SSH target, or logging into an HTTP target that the attacker set up). This vulnerability is fixed in 0.23.3.

Information Disclosure CSRF Warpgate
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-54804 Cargo MEDIUM POC PATCH This Week

Russh is a Rust SSH client & server library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Russh Warpgate Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-43410 Cargo HIGH POC PATCH This Week

Russh is a Rust SSH client & server library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Russh Warpgate
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-48712 HIGH PATCH This Week

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Authentication Bypass Warpgate
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-43660 HIGH PATCH This Week

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Warpgate
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-37268 HIGH PATCH This Week

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Warpgate
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
EPSS 0% CVSS 5.8
MEDIUM This Month

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on the attacker's account (such as writing sensitive data to the attacker's SSH target, or logging into an HTTP target that the attacker set up). This vulnerability is fixed in 0.23.3.

Information Disclosure CSRF Warpgate
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Week

Russh is a Rust SSH client & server library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Russh +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Russh is a Rust SSH client & server library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Russh Warpgate
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Authentication Bypass Warpgate
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Warpgate
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Warpgate
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy