Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-33950
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-02 Apr, 2026 | 16:08
Updated At-03 Apr, 2026 | 18:02
Rejected At-
▼CVE Numbering Authority (CNA)
signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time, allowing them to modify sensitive vessel routing data, alter server configurations, and access restricted endpoints. This issue has been patched in version 2.24.0-beta.4.

Affected Products
Vendor
SignalK
Product
signalk-server
Versions
Affected
  • < 2.24.0-beta.4
Problem Types
TypeCWE IDDescription
CWECWE-285CWE-285: Improper Authorization
CWECWE-288CWE-288: Authentication Bypass Using an Alternate Path or Channel
CWECWE-862CWE-862: Missing Authorization
Type: CWE
CWE ID: CWE-285
Description: CWE-285: Improper Authorization
Type: CWE
CWE ID: CWE-288
Description: CWE-288: Authentication Bypass Using an Alternate Path or Channel
Type: CWE
CWE ID: CWE-862
Description: CWE-862: Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.19.4CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Version: 3.1
Base score: 9.4
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/SignalK/signalk-server/security/advisories/GHSA-x8hc-fqv3-7gwf
x_refsource_CONFIRM
https://github.com/SignalK/signalk-server/releases/tag/v2.24.0-beta.4
x_refsource_MISC
Hyperlink: https://github.com/SignalK/signalk-server/security/advisories/GHSA-x8hc-fqv3-7gwf
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/SignalK/signalk-server/releases/tag/v2.24.0-beta.4
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found