Tag
high
advisory
Nebula-Mesh Stores Operator Session Tokens in Plaintext, Enabling Session Hijacking (CVE-2026-53603)
1 TTPOperator session tokens in ForgeKeep's nebula-mesh application are stored in plaintext within the database, allowing an attacker who gains read access to the database to retrieve active session tokens and hijack operator sessions, bypassing further authentication.
nebula-mesh
vulnerability
session-hijacking
database
plaintext
credential-exposure
1t
high
advisory
Nebula-mesh Non-Admin SSRF Bypass via Webhook Configuration
1 rule 2 TTPsA vulnerability in Nebula-mesh allows non-admin operators with the 'user' role to bypass Server-Side Request Forgery (SSRF) protection by setting `allow_private: true` on webhook subscriptions, enabling the server to make requests to internal or loopback network addresses, which can lead to internal network probing, blind interaction with internal services, and potentially the exfiltration of cloud IAM credentials.
nebula-mesh
server-side-request-forgery
ssrf
privilege-escalation
authorization-bypass
web-application
1r
2t