CVE-2026-27899: WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level
Any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with "IsAdmin": true in the JSON body. After logging out and back in, the session picks up admin privileges from the database.
Tested against wg-portal v2.1.2 (Docker image wgportal/wg-portal:v2).
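The flaw class described above, shown beside a hardened form. This is an added example, not wg-portal's code or its actual fix: the User struct, the Disabled field, the function names and the sample request body are assumptions constructed for illustration; only the "IsAdmin" field name comes from the advisory.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// User is a hypothetical model; only the IsAdmin field name comes from the advisory.
type User struct {
	Identifier string
	Email      string
	IsAdmin    bool
	Disabled   bool
}

var ErrForbidden = errors.New("forbidden: non-admin may not change this user or field")

// ApplyUpdateUnsafe decodes the request body straight onto the stored record,
// so a caller-supplied IsAdmin value overwrites the stored one.
func ApplyUpdateUnsafe(stored User, body []byte) (User, error) {
	updated := stored
	err := json.Unmarshal(body, &updated)
	return updated, err
}

// ApplyUpdateSafe allows self-updates, but rejects any change to privileged
// fields unless the authenticated actor is already an admin.
func ApplyUpdateSafe(actor, stored User, body []byte) (User, error) {
	if actor.Identifier != stored.Identifier && !actor.IsAdmin {
		return stored, ErrForbidden
	}
	updated := stored
	if err := json.Unmarshal(body, &updated); err != nil {
		return stored, err
	}
	privileged := updated.IsAdmin != stored.IsAdmin || updated.Disabled != stored.Disabled
	if privileged && !actor.IsAdmin {
		return stored, ErrForbidden
	}
	return updated, nil
}

func main() {
	alice := User{Identifier: "alice", Email: "a@example.test"}
	body := []byte(`{"Email":"new@example.test","IsAdmin":true}`) // constructed sample
	u, _ := ApplyUpdateUnsafe(alice, body)
	_, err := ApplyUpdateSafe(alice, alice, body)
	fmt.Println("unsafe IsAdmin:", u.IsAdmin, "| safe:", err)
}
```

Rejecting the request outright, rather than silently dropping the privileged field, also leaves an audit trail of attempted self-promotion.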
References
- github.com/advisories/GHSA-5rmx-256w-8mj9
- github.com/h44z/wg-portal
- github.com/h44z/wg-portal/commit/fe4485037a25426446ced95050e9498f477bf71d
- github.com/h44z/wg-portal/releases/tag/v2.1.3
- github.com/h44z/wg-portal/security/advisories/GHSA-5rmx-256w-8mj9
- hub.docker.com/layers/wgportal/wg-portal/v2.1.3/images/sha256-39acfab55598a74e561828b8cb639515ddc222d6c884996111f5ef235aba9e7b
- nvd.nist.gov/vuln/detail/CVE-2026-27899