CNNVD-202601-4857 Information

CNNVD ID

CNNVD-202601-4857

Related CVE

CVE-2026-24904

• CNNVD Published: 2026-01-29

Description (Chinese)

TrustTunnel是TrustTunnel开源的一个VPN协议软件。 TrustTunnel 0.9.115之前版本存在访问控制错误漏洞，该漏洞源于规则评估逻辑缺陷，可能导致依赖client_random_prefix匹配的规则被跳过。

Description (English)

TrustTunnel is a VPN protocol software from TrustTunnel Open Source. Prior to TrustTunnel 0.9.115, there was a bug in access control, which stemmed from a logical flaw in the rule assessment, which could result in skipping rules that relied on the matching of the clit random prefix.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

TrustTunnel

Published

2026-01-29

Last Modified

2026-02-24

References

https://github.com/TrustTunnel/TrustTunnel/commit/aa5060145506952b9431b0ed3edb52bb6c08d9a6 https://github.com/TrustTunnel/TrustTunnel/security/advisories/GHSA-fqh7-r5gf-3r87

Patch

https://github.com/TrustTunnel/TrustTunnel/releases