CVE-2026-46484 – Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user

CVE ID :CVE-2026-46484

Published : June 8, 2026, 8:17 p.m. | 17 minutes ago

Description :Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-44541 – Fides: DOM-based XSS vulnerability in fides.js via fides_description override

CVE-2026-40215 – OpenVPN Use-After-Free Race Condition

CVE-2026-11585 – CodeAstro Student Attendance Management System createClassArms.php sql injection

CVE-2026-49141 – WACRM Authorization Bypass via Automation Engine Endpoint