Skip to content
Threat Feed

Vendor

ForgeKeep

3 briefs RSS
high advisory

Nebula-Mesh Stores Operator Session Tokens in Plaintext, Enabling Session Hijacking (CVE-2026-53603)

Operator session tokens in ForgeKeep's nebula-mesh application are stored in plaintext within the database, allowing an attacker who gains read access to the database to retrieve active session tokens and hijack operator sessions, bypassing further authentication.

nebula-mesh vulnerability session-hijacking database plaintext credential-exposure
1t
high advisory

ForgeKeep Nebula-Mesh Certificate Revocation Bypass Vulnerability

A high-severity vulnerability, CVE-2026-61699, in ForgeKeep's nebula-mesh allows compromised or offboarded hosts to bypass certificate revocation, enabling attackers to maintain full mesh network access for up to 365 days despite operator actions.

nebula-mesh certificate-revocation network-overlay defense-evasion persistence network
2t
high advisory

Nebula-mesh Non-Admin SSRF Bypass via Webhook Configuration

A vulnerability in Nebula-mesh allows non-admin operators with the 'user' role to bypass Server-Side Request Forgery (SSRF) protection by setting `allow_private: true` on webhook subscriptions, enabling the server to make requests to internal or loopback network addresses, which can lead to internal network probing, blind interaction with internal services, and potentially the exfiltration of cloud IAM credentials.

nebula-mesh server-side-request-forgery ssrf privilege-escalation authorization-bypass web-application
1r 2t