Vulnerabilities ›

CVE-2026-44347

Medium ⚡ Exploit Available

CWE-352 — Weakness Type

                    Published: May 12, 2026                      ·  Modified: May 15, 2026                      ·  Source: NVD                

CVSS v3

5.8

🔗 NVD Official

📄 Description (English)

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on the attacker's account (such as writing sensitive data to the attacker's SSH target, or logging into an HTTP target that the attacker set up). This vulnerability is fixed in 0.23.3.

🤖 AI Executive Summary

Warpgate SSH/HTTPS/MySQL bastion host versions before 0.23.3 lack state parameter validation in SSO flow, enabling account takeover attacks. Attackers can trick users into logging into attacker-controlled accounts and performing sensitive actions.

📄 Description (Arabic)

يفتقر Warpgate قبل الإصدار 0.23.3 للتحقق من معامل الحالة في تدفق المصادقة الموحدة (SSO)، مما يسمح بهجمات تزييف الطلبات عبر المواقع (CSRF). يمكن للمهاجمين إنشاء روابط خادعة تجبر المستخدمين على تسجيل الدخول إلى حسابات المهاجم وتنفيذ إجراءات حساسة.

🤖 ملخص تنفيذي (AI)

بوابة Warpgate SSH/HTTPS/MySQL الإصدارات السابقة للإصدار 0.23.3 تفتقر للتحقق من معامل الحالة في تدفق SSO، مما يسمح بهجمات الاستيلاء على الحسابات. يمكن للمهاجمين خداع المستخدمين لتسجيل الدخول إلى حسابات يتحكمون بها وتنفيذ إجراءات حساسة.

🤖 AI Intelligence Analysis Analyzed: May 24, 2026 19:54

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1110 T1187 T1598

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade Warpgate to version 0.23.3 or later immediately. Review access logs for suspicious SSO activities. Implement additional authentication factors for sensitive operations. Monitor for unauthorized account access patterns.

🔧 خطوات المعالجة (العربية)

قم بترقية Warpgate إلى الإصدار 0.23.3 أو أحدث فوراً. راجع سجلات الوصول للأنشطة المريبة في SSO. طبق عوامل مصادقة إضافية للعمليات الحساسة. راقب أنماط الوصول غير المصرح به للحسابات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 SI-4

🟡 ISO 27001:2022

A.9.2.1 A.9.2.5 A.9.4.3

🔗 References & Sources 2

🔗

https://github.com/warp-tech/warpgate/security/advisories/GHSA-rj86-hm3r-c275

security-advisories@github.com

Exploit Vendor Advisory

🔗

https://github.com/warp-tech/warpgate/security/advisories/GHSA-rj86-hm3r-c275

134c704f-9b21-4f2e-91b3-4a467353bcc0

Exploit Vendor Advisory

📦 Affected Products / CPE 1 entries

warpgate_project:warpgate:0.23.2

📊 CVSS Score

5.8

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N

Attack VectorN — None / Network

Attack ComplexityH — High

Privileges RequiredL — Low / Local

User InteractionR — Required

ScopeC — Changed

ConfidentialityN — None / Network

IntegrityH — High

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.8

CWECWE-352

EPSS0.02%

Exploit ✓ Yes

Patch ✗ No

Published 2026-05-12

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

exploit-available CWE-352

🏢 Vendor Advisories

🔗 https://github.com/warp-tech/warpgate/security/advis... 🔗 https://github.com/warp-tech/warpgate/security/advis...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-44347

Introduce Yourself

Sign In Required