Scan free
LOWCVE-2026-40077CVSS 3.5

CVE-2026-40077: Authorization Bypass in Beszel

Platform

nodejs

Component

beszel

Fixed in

0.18.8

AI Confidence: highNVDEPSS 0.1%Reviewed: May 2026
View on NVD
Save

CVE-2026-40077 describes an authorization bypass vulnerability in Beszel, a server monitoring platform. This flaw allows authenticated users to access API endpoints for any system within the Beszel hub, provided they possess the system's ID. The vulnerability affects versions 0.0.0 through 0.18.6 and has been resolved in version 0.18.7.

Impact and Attack Scenarios

An attacker exploiting this vulnerability could gain unauthorized access to sensitive system information and potentially manipulate system configurations within the Beszel environment. While system IDs are random alphanumeric strings and not widely exposed, an attacker could theoretically enumerate valid IDs through API requests. Successful exploitation could lead to data breaches, system misconfigurations, and disruption of monitoring services. The potential blast radius is limited to the systems accessible through the Beszel platform, but the impact on those systems could be significant.

Exploitation Context

CVE-2026-40077 was publicly disclosed on 2026-04-09. The CVSS score is LOW (3.5), indicating a relatively low probability of exploitation. No public proof-of-concept (PoC) code is currently available. It is not listed on the CISA KEV catalog at the time of this writing.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh

EPSS

0.05% (17% percentile)

CISA SSVC

Exploitationpoc
Automatableno
Technical Impactpartial

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N3.5LOWAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityHighConditions required to exploitPrivileges RequiredLowAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeChangedImpact beyond the vulnerable componentConfidentialityLowRisk of sensitive data exposureIntegrityNoneRisk of unauthorized data modificationAvailabilityNoneRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
High — requires a race condition, non-default configuration, or specific circumstances. Harder to exploit reliably.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
Confidentiality
Low — partial or indirect data access. Attacker gains limited information.
Integrity
None — no integrity impact. Attacker cannot modify data.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Componentbeszel
Vendorhenrygd
Affected rangeFixed in
< 0.18.7 – < 0.18.70.18.8

Weakness Classification (CWE)

CWE-184

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2026-40077 is to upgrade Beszel to version 0.18.7 or later. If upgrading is not immediately feasible, consider implementing stricter access controls within the Beszel environment to limit user privileges and restrict access to sensitive API endpoints. Review and audit existing user permissions to ensure least privilege principles are enforced. Monitoring API access logs for unusual activity can also help detect potential exploitation attempts.

How to fix

Update Beszel to version 0.18.7 or higher to mitigate the IDOR vulnerability. This update implements proper access checks to protect the hub API endpoints from unauthorized access.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-40077 — Authorization Bypass in Beszel?

CVE-2026-40077 is a LOW severity vulnerability in Beszel versions 0.0.0 through 0.18.6 that allows authenticated users to access system data if they know the system ID.

Am I affected by CVE-2026-40077 in Beszel?

You are affected if you are running Beszel versions 0.0.0 through 0.18.6. Upgrade to version 0.18.7 to resolve the issue.

How do I fix CVE-2026-40077 in Beszel?

Upgrade Beszel to version 0.18.7 or later. As a temporary workaround, implement stricter access controls and monitor API access logs.

Is CVE-2026-40077 being actively exploited?

There are currently no reports of active exploitation, but the vulnerability is publicly known.

Where can I find the official Beszel advisory for CVE-2026-40077?

Refer to the Beszel project's official communication channels and security advisories for the latest information.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs