
Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signatur…

Published: 27 April 2026 at 22:00:00

Alert date: 28 April 2026 at 21:20:20

Source: nvd.nist.gov


Network Infrastructure, Identity & Access

A critical authentication bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to properly validate JWT signatures when verifying host tokens. This flaw allows attackers to forge JWT tokens signed with arbitrary keys to impersonate any host in the network. Successful exploitation grants unauthorized access to sensitive information within the Netmaker network infrastructure. The vulnerability affects the core authentication mechanism of the Netmaker network management platform.
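The difference between reading a host token's claims and verifying the token, as an added Go example (not Netmaker's code, which this advisory does not show). HS256, the `id` claim, the keys and every function name are assumptions chosen for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// seal appends an HMAC-SHA256 signature to msg ("header.payload"); HS256 is an assumption.
func seal(msg string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(m.Sum(nil))
}

// hostIDUnverified returns the assumed "id" claim without checking the signature (flawed pattern).
func hostIDUnverified(tok string) (string, error) {
	var c struct{ ID string }
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return "", errors.New("malformed token")
	}
	raw, err := b64.DecodeString(p[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	return c.ID, err
}

// hostIDVerified recomputes the MAC with the server key (algorithm fixed in code,
// header "alg" never consulted) and compares in constant time before reading claims.
func hostIDVerified(tok string, key []byte) (string, error) {
	i := strings.LastIndex(tok, ".")
	if i < 0 || !hmac.Equal([]byte(tok), []byte(seal(tok[:i], key))) {
		return "", errors.New("signature verification failed")
	}
	return hostIDUnverified(tok)
}

func main() {
	msg := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString([]byte(`{"id":"host-a"}`))
	forged := seal(msg, []byte("not-the-server-key")) // constructed sample token
	fmt.Println(hostIDUnverified(forged))             // claim accepted with no key check
	fmt.Println(hostIDVerified(forged, []byte("server-secret")))
}
```

When reviewing a JWT code path, confirm that every caller reaches claims only through the verifying function and that a verification error stops the request.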


Affected products: Netmaker


This article was created with the assistance of AI technology by Perceptive.
