The vulnerability identified as CVE-2026-29771 affects gravitl netmaker, a network management tool that utilizes WireGuard for creating secure networks. Prior to version 1.2.0, the application exposes an unauthenticated API endpoint at /api/server/shutdown that triggers the termination of the Netmaker server process by sending a syscall.SIGINT signal. This improper resource shutdown (classified under CWE-404) allows any remote attacker to repeatedly invoke this endpoint, causing the server to shut down and restart in a cyclic manner with approximately 3-second intervals. This behavior results in a denial of service condition, rendering the Netmaker server unavailable for legitimate users. The vulnerability is remotely exploitable without any authentication or user interaction, making it highly accessible to attackers. The issue has been addressed and patched in version 1.2.0 of netmaker, which removes or restricts access to this shutdown functionality to prevent abuse.

The primary impact of CVE-2026-29771 is on the availability of the Netmaker server, causing a denial of service through repeated shutdowns and restarts. This disrupts network management operations and can lead to downtime in environments relying on Netmaker for WireGuard network orchestration. Organizations using affected versions may experience service interruptions, loss of network connectivity management, and potential cascading effects on dependent systems. Since the vulnerability requires no authentication and can be triggered remotely, it poses a significant risk to any exposed Netmaker server, especially those accessible over the internet. The repeated restarts could also increase resource consumption and potentially lead to further instability or crashes. While no direct confidentiality or integrity impacts are indicated, the availability disruption alone can have severe operational consequences.

The most effective mitigation is to upgrade all affected Netmaker instances to version 1.2.0 or later, where the vulnerability has been patched. Until upgrading is possible, organizations should implement strict network access controls to restrict access to the /api/server/shutdown endpoint, ideally limiting it to trusted administrative networks or VPNs. Deploying Web Application Firewalls (WAFs) or API gateways to detect and block repeated shutdown requests can help mitigate exploitation attempts. Monitoring server logs for unusual shutdown requests and implementing alerting mechanisms will aid in early detection of exploitation attempts. Additionally, consider isolating Netmaker servers from direct internet exposure and employing network segmentation to reduce the attack surface. Regularly review and update access policies and ensure that all software dependencies are kept current to prevent similar vulnerabilities.