CVE-2026-29195
Privilege Escalation via Role Assignment in Netmaker User API
Publication date: 2026-03-07
Last updated on: 2026-03-12
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gravitl | netmaker | < 1.5.0 (1.5.0 excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29195 is a privilege escalation vulnerability in Netmaker versions prior to 1.5.0. It occurs because the user update handler (PUT /api/users/{username}) does not fully validate the role carried in an account update.
While the handler prevents an admin user from assigning the admin role to another user, it does not prevent an admin from assigning the super-admin role. An attacker holding an admin account can therefore send an update that sets the super-admin role and escalate themselves to super-admin. The check is a deny-list of one role name rather than a comparison against the whole role hierarchy, which is why it misses the more privileged role.
This vulnerability is classified as CWE-863 (Incorrect Authorization) due to incomplete authorization checks.
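To make the CWE-863 pattern concrete, the following is an added illustration (not Netmaker's own code): a role-change check that blocks only the literal "admin" role, next to one that reasons about the full hierarchy. The role names follow the advisory; the numeric ranking, the `user` role and the function names are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Platform role identifiers used by this illustration. The names match the
// advisory's wording; the ranking below is an assumption for this example.
const (
	RoleSuperAdmin = "super-admin"
	RoleAdmin      = "admin"
	RoleUser       = "user"
)

var (
	ErrForbidden   = errors.New("forbidden: actor may not assign this role")
	ErrUnknownRole = errors.New("unknown role")
)

// rank orders roles; a larger value means more privilege, 0 means unknown.
func rank(role string) int {
	switch role {
	case RoleSuperAdmin:
		return 3
	case RoleAdmin:
		return 2
	case RoleUser:
		return 1
	}
	return 0
}

// VulnerableRoleCheck models the incomplete authorization described for
// CVE-2026-29195 (CWE-863): it stops a non-super-admin from granting "admin",
// but never looks at "super-admin", so an admin can assign super-admin to any
// account, including their own.
func VulnerableRoleCheck(actorRole, targetCurrentRole, requestedRole string) error {
	if requestedRole == RoleAdmin && actorRole != RoleSuperAdmin {
		return ErrForbidden
	}
	return nil
}

// HardenedRoleCheck closes the gap by reasoning about the whole hierarchy
// instead of a single role name: unknown roles are rejected, a request that
// leaves the role unchanged is not a role change, a super-admin may do
// anything, and any other actor may only grant roles strictly below their own
// and only to users who are currently below them (so never to themselves).
func HardenedRoleCheck(actorRole, targetCurrentRole, requestedRole string) error {
	if rank(requestedRole) == 0 || rank(targetCurrentRole) == 0 || rank(actorRole) == 0 {
		return ErrUnknownRole
	}
	if requestedRole == targetCurrentRole {
		return nil // no role change requested
	}
	if actorRole == RoleSuperAdmin {
		return nil
	}
	if rank(requestedRole) >= rank(actorRole) || rank(targetCurrentRole) >= rank(actorRole) {
		return ErrForbidden
	}
	return nil
}

func main() {
	cases := [][3]string{
		{RoleAdmin, RoleAdmin, RoleSuperAdmin},     // admin escalating their own account
		{RoleAdmin, RoleUser, RoleAdmin},           // admin promoting a user to admin
		{RoleSuperAdmin, RoleUser, RoleSuperAdmin}, // legitimate super-admin grant
	}
	for _, c := range cases {
		fmt.Printf("actor=%s target=%s requested=%s vulnerable=%v hardened=%v\n",
			c[0], c[1], c[2], VulnerableRoleCheck(c[0], c[1], c[2]), HardenedRoleCheck(c[0], c[1], c[2]))
	}
}
```

The first case is the escalation the advisory describes: the vulnerable check returns nil because the requested role is not the one string it looks for, while the hardened check rejects it because the requested role ranks at or above the actor's own.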
How can this vulnerability impact me?
This vulnerability allows an attacker with admin privileges to escalate their role to super-admin, granting them the highest level of access within the Netmaker system.
With super-admin privileges, the attacker can perform unrestricted actions, potentially compromising the entire network management environment, altering configurations, accessing sensitive data, and disrupting operations.
Such unauthorized privilege escalation can lead to significant security breaches and loss of control over the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized role escalation via the user update API endpoint (PUT /api/users/{username}) in Netmaker versions prior to 1.5.0. Detection can focus on API requests that modify user roles, especially those where an admin user assigns the super-admin role.
You can detect potential exploitation by inspecting logs or network traffic for PUT requests to /api/users/ whose body sets the super-admin role. Two caveats apply. A plain access log records the method and path but not the request body, so the role value is only visible if the API, a reverse proxy or an API gateway logs bodies. And the Netmaker API is normally reached over TLS, so a packet capture only shows the request on a hop where the traffic is in the clear (for example between a TLS-terminating proxy and the API on the loopback interface).
Example commands for such activity:
- grep on server logs for PUT requests to user records that mention the super-admin role (only useful when bodies are logged; the log path is as given and may differ in your deployment): `grep 'PUT /api/users/' /var/log/netmaker/access.log | grep 'super-admin'`
- tcpdump to capture HTTP PUT requests to /api/users/ on a plaintext hop (the filter matches IPv4 packets with a non-empty TCP payload; it assumes port 80, so substitute the port the API actually listens on): `tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'PUT /api/users/'`
- For JSON logs, jq to select entries whose body sets the role to super-admin (the field path `.request.body.role` is an assumption and must match your log format): `jq 'select(.request.body.role == "super-admin")' /var/log/netmaker/access.log` [1]
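Detection logic of the kind described above, run over constructed sample log lines, as an added example that is not Netmaker's code or log output. It assumes a JSON request log that records the acting user (`actor`), that user's role at request time (`actor_role`) and the request body with the role under `body.platform_role_id`; all of these field names are assumptions and must be mapped to whatever your proxy or API gateway actually writes. It flags any PUT to /api/users/ in which a non-super-admin actor sets the super-admin role, and marks the self-update case separately.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// LogEntry is an assumed shape for a JSON request log that includes the
// request body. Netmaker's own logs are not guaranteed to look like this;
// adjust the JSON tags to your real log format.
type LogEntry struct {
	Time      string `json:"time"`
	Method    string `json:"method"`
	Path      string `json:"path"`
	Actor     string `json:"actor"`      // authenticated user making the request
	ActorRole string `json:"actor_role"` // their platform role when the request was made
	Body      struct {
		PlatformRoleID string `json:"platform_role_id"` // assumed field name for the role
	} `json:"body"`
}

// Finding is one suspicious role assignment.
type Finding struct {
	Time   string
	Actor  string
	Target string
	Reason string
}

// FlagRoleEscalations returns one Finding per log line in which an actor who
// is not already super-admin sends PUT /api/users/{username} with the
// super-admin role in the body, which is exactly what CVE-2026-29195 permits.
// Lines that are not JSON, not PUT, or not under /api/users/ are skipped.
func FlagRoleEscalations(lines []string) []Finding {
	var out []Finding
	for _, line := range lines {
		var e LogEntry
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			continue // not a JSON log line; skip rather than abort the scan
		}
		if e.Method != "PUT" || !strings.HasPrefix(e.Path, "/api/users/") {
			continue
		}
		if e.Body.PlatformRoleID != "super-admin" || e.ActorRole == "super-admin" {
			continue // legitimate grants by a super-admin are not flagged
		}
		target := strings.TrimPrefix(e.Path, "/api/users/")
		reason := "non-super-admin granted super-admin"
		if target == e.Actor {
			reason = "self-escalation to super-admin"
		}
		out = append(out, Finding{Time: e.Time, Actor: e.Actor, Target: target, Reason: reason})
	}
	return out
}

// Constructed sample log lines for this example; they are not real Netmaker output.
var sampleLog = []string{
	`{"time":"2026-03-08T10:00:01Z","method":"GET","path":"/api/users/alice","actor":"alice","actor_role":"admin","body":{}}`,
	`{"time":"2026-03-08T10:00:05Z","method":"PUT","path":"/api/users/bob","actor":"root","actor_role":"super-admin","body":{"platform_role_id":"super-admin"}}`,
	`{"time":"2026-03-08T10:00:09Z","method":"PUT","path":"/api/users/alice","actor":"alice","actor_role":"admin","body":{"platform_role_id":"super-admin"}}`,
	`{"time":"2026-03-08T10:00:12Z","method":"PUT","path":"/api/users/carol","actor":"alice","actor_role":"admin","body":{"platform_role_id":"user"}}`,
	`not a json line`,
}

func main() {
	for _, f := range FlagRoleEscalations(sampleLog) {
		fmt.Printf("%s actor=%s target=%s reason=%s\n", f.Time, f.Actor, f.Target, f.Reason)
	}
}
```

Only the third line is reported: the super-admin's own grant on the second line is normal administration, and the fourth line assigns a lower role. Feed the function your real log stream once the field names are mapped; for a proxy that logs bodies only on request, enable body logging for the /api/users/ path rather than globally.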
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade Netmaker to version 1.5.0 or later, where this vulnerability has been patched.
Until the upgrade can be performed, restrict access to the user update API endpoint (PUT /api/users/) so that admin-role accounts cannot reach it, for example by limiting that path at the reverse proxy to an administrative network, and keep the number of admin-role accounts to the minimum needed. Note that this also blocks legitimate account updates by those admins until the upgrade is done.
Additionally, monitor and audit user role changes closely, and review the current list of super-admin accounts to confirm that none was granted through the update API before the fix was applied. [1]