CVE-2026-29771
Received Received - Intake
Denial of Service via Shutdown Endpoint in Netmaker Server

Publication date: 2026-03-07

Last updated on: 2026-05-18

Assigner: GitHub, Inc.

Description
Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart intervals. This issue has been patched in version 1.2.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-07
Last Modified
2026-05-18
Generated
2026-06-16
AI Q&A
2026-03-07
EPSS Evaluated
2026-06-14
NVD
CVE-2026-29771
EUVD
EUVD-2026-10151
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
netmaker netmaker From 1.2.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-29771 is a high-severity Denial of Service (DoS) vulnerability in Netmaker versions prior to 1.2.0. It exists because the /api/server/shutdown endpoint allows any user to terminate the Netmaker server process by sending a syscall SIGINT signal.

This unauthorized access enables repeated shutdowns of the server, causing a cyclic DoS condition where the server restarts approximately every 3 seconds.

The vulnerability is classified under CWE-404, which means the product improperly shuts down or releases resources.

This issue was fixed in Netmaker version 1.2.0.

Impact Analysis

This vulnerability can cause a cyclic denial of service on the Netmaker server by allowing any user to repeatedly shut down the server process.

As a result, the server will be unavailable or unstable, restarting approximately every 3 seconds, which can disrupt network operations and services relying on Netmaker.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for repeated shutdown and restart cycles of the Netmaker server process occurring approximately every 3 seconds.'}, {'type': 'paragraph', 'content': 'Additionally, network traffic analysis can be performed to detect unauthorized requests to the /api/server/shutdown endpoint.'}, {'type': 'paragraph', 'content': 'Commands to help detect this behavior might include:'}, {'type': 'list_item', 'content': 'Using system process monitoring tools such as: `ps aux | grep netmaker` repeatedly to observe frequent restarts.'}, {'type': 'list_item', 'content': 'Checking server logs for repeated shutdown requests or errors related to the server process.'}, {'type': 'list_item', 'content': "Using network monitoring tools like `tcpdump` or `wireshark` to capture and filter HTTP requests to the /api/server/shutdown endpoint, for example: `tcpdump -i any -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/api/server/shutdown'`."}] [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Netmaker to version 1.2.0 or later, where this vulnerability has been patched.

Until the upgrade can be performed, restrict access to the /api/server/shutdown endpoint to trusted users only, for example by implementing network-level access controls or firewall rules.

Monitoring and alerting on repeated shutdown attempts can also help in early detection and response.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29771. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart