CVE-2026-35038

Medium CVSS: 5.3

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal functions and properties from the global prototype object this violates data isolation and lets a user read more than they should. This issue has been patched in version 2.24.0.

Vendor

Signalk

Product

Signal K Server

CWE

CWE-20

Yayın Tarihi

2026-04-02 17:16:27

Güncelleme

2026-04-06 14:54:52

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-20 Signal K Server MEDIUM Signalk 2026

Referanslar

https://github.com/SignalK/signalk-server/releases/tag/v2.24.0 https://github.com/SignalK/signalk-server/security/advisories/GHSA-qh3j-mrg8-f234

Benzer Kayıtlar

Medium

CVE-2026-33951

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the Signal…

Medium

CVE-2026-34083

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server co…

Critical

CVE-2026-33950

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a…

Medium

CVE-2026-25228

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerab…

Critical

CVE-2026-23515

Signal K Server is a server application that runs on a central hub in a boat. Prior to 1.5.0, a command injection vulner…

Medium

CVE-2025-69203

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access req…