CVE-2026-35038 in signalk-serverinformation

Résumé (Anglaise)

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal functions and properties from the global prototype object this violates data isolation and lets a user read more than they should. This issue has been patched in version 2.24.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsable

GitHub_M

Réserver

31/03/2026

Divulgation

02/04/2026

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

IDVulnérabilitéCWEExpConCVE
354940SignalK signalk-server divulgation d'information200Preuve de conceptCorrectif officielCVE-2026-35038

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

PrécédentAperçuSuivant

Do you know our Splunk app?

Download it now for free!