CVE-2026-29771 is an improper resource shutdown vulnerability (CWE-404) found in gravitl netmaker, a network management tool that leverages WireGuard for VPN creation. Prior to version 1.2.0, the Netmaker server exposes an unauthenticated API endpoint (/api/server/shutdown) that allows any user to send a shutdown command. This command triggers the server process to terminate via syscall.SIGINT, causing the server to shut down. However, the server automatically restarts approximately every 3 seconds, leading to a cyclic denial of service (DoS) condition. Because the endpoint requires no authentication or user interaction, an attacker can remotely and repeatedly invoke this shutdown, rendering the Netmaker service unavailable for legitimate users. This vulnerability impacts the availability of the Netmaker server, disrupting network orchestration and management. The issue was addressed in version 1.2.0 by removing or securing the shutdown endpoint to prevent unauthorized access. No known exploits are reported in the wild as of the publication date. The CVSS 4.0 score is 8.7 (high), reflecting the ease of exploitation and significant impact on availability without requiring privileges or user interaction.

The primary impact of CVE-2026-29771 is a denial of service condition that disrupts the availability of the Netmaker server. Organizations relying on Netmaker for managing WireGuard-based VPNs and network overlays may experience repeated service interruptions, leading to network downtime, loss of connectivity, and potential operational delays. This can affect internal communications, remote access, and cloud or hybrid network environments dependent on Netmaker orchestration. The cyclic nature of the shutdown and restart (approximately every 3 seconds) prevents stable operation, complicating incident response and recovery. While confidentiality and integrity are not directly impacted, the loss of availability can have cascading effects on business continuity, especially for organizations with critical infrastructure or remote workforce reliance. The vulnerability’s ease of exploitation and lack of authentication requirements increase the risk of widespread abuse if exposed to untrusted networks.

To mitigate CVE-2026-29771, organizations should immediately upgrade gravitl netmaker to version 1.2.0 or later, where the vulnerable shutdown endpoint has been patched. If upgrading is not immediately feasible, restrict network access to the /api/server/shutdown endpoint using firewall rules, network segmentation, or API gateway controls to allow only trusted administrative users or internal systems. Implement strong authentication and authorization mechanisms for all API endpoints to prevent unauthorized access. Monitor server logs and network traffic for repeated shutdown requests or unusual API activity indicative of exploitation attempts. Additionally, consider deploying intrusion detection/prevention systems (IDS/IPS) to detect and block malicious API calls. Regularly review and update security policies around network management tools and conduct vulnerability assessments to identify similar exposure points. Maintain an incident response plan to quickly address service disruptions caused by such attacks.