Back to CVE List

CVE-2026-33950

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score
9.4 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Vulnerability Description

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time, allowing them to modify sensitive vessel routing data, alter server configurations, and access restricted endpoints. This issue has been patched in version 2.24.0-beta.4.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-285
Source
NVD
Vendor
SignalK
Product
signalk-server

External References

Discussion (0)

Add Comment

No comments yet. Be the first!