Vendor
Nebula-Mesh Stores Operator Session Tokens in Plaintext, Enabling Session Hijacking (CVE-2026-53603)
1 TTPOperator session tokens in ForgeKeep's nebula-mesh application are stored in plaintext within the database, allowing an attacker who gains read access to the database to retrieve active session tokens and hijack operator sessions, bypassing further authentication.
ForgeKeep Nebula-Mesh Certificate Revocation Bypass Vulnerability
2 TTPsA high-severity vulnerability, CVE-2026-61699, in ForgeKeep's nebula-mesh allows compromised or offboarded hosts to bypass certificate revocation, enabling attackers to maintain full mesh network access for up to 365 days despite operator actions.
Nebula-mesh Non-Admin SSRF Bypass via Webhook Configuration
1 rule 2 TTPsA vulnerability in Nebula-mesh allows non-admin operators with the 'user' role to bypass Server-Side Request Forgery (SSRF) protection by setting `allow_private: true` on webhook subscriptions, enabling the server to make requests to internal or loopback network addresses, which can lead to internal network probing, blind interaction with internal services, and potentially the exfiltration of cloud IAM credentials.