LOWCVE-2026-40077CVSS 3.5

CVE-2026-40077: Authorization Bypass in Beszel

Q: What is CVE-2026-40077 — Authorization Bypass in Beszel?

CVE-2026-40077 is a LOW severity vulnerability in Beszel versions 0.0.0 through 0.18.6 that allows authenticated users to access system data if they know the system ID.

Q: Am I affected by CVE-2026-40077 in Beszel?

You are affected if you are running Beszel versions 0.0.0 through 0.18.6. Upgrade to version 0.18.7 to resolve the issue.

Q: How do I fix CVE-2026-40077 in Beszel?

Upgrade Beszel to version 0.18.7 or later. As a temporary workaround, implement stricter access controls and monitor API access logs.

Q: Is CVE-2026-40077 being actively exploited?

There are currently no reports of active exploitation, but the vulnerability is publicly known.

Q: Where can I find the official Beszel advisory for CVE-2026-40077?

Refer to the Beszel project's official communication channels and security advisories for the latest information.

Platform

nodejs

Component

beszel

Fixed in

0.18.8

AI Confidence: highNVDEPSS 0.1%Reviewed: May 2026

View on NVD

Save

CVE-2026-40077 describes an authorization bypass vulnerability in Beszel, a server monitoring platform. This flaw allows authenticated users to access API endpoints for any system within the Beszel hub, provided they possess the system's ID. The vulnerability affects versions 0.0.0 through 0.18.6 and has been resolved in version 0.18.7.

Impact and Attack Scenarios

An attacker exploiting this vulnerability could gain unauthorized access to sensitive system information and potentially manipulate system configurations within the Beszel environment. While system IDs are random alphanumeric strings and not widely exposed, an attacker could theoretically enumerate valid IDs through API requests. Successful exploitation could lead to data breaches, system misconfigurations, and disruption of monitoring services. The potential blast radius is limited to the systems accessible through the Beszel platform, but the impact on those systems could be significant.

Exploitation Context

CVE-2026-40077 was publicly disclosed on 2026-04-09. The CVSS score is LOW (3.5), indicating a relatively low probability of exploitation. No public proof-of-concept (PoC) code is currently available. It is not listed on the CISA KEV catalog at the time of this writing.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureHigh

EPSS

0.05% (17% percentile)

CISA SSVC

Exploitationpoc

Automatableno

Technical Impactpartial

CVSS Vector

Affected Software

Componentbeszel

Vendorhenrygd

Affected rangeFixed in

< 0.18.7 – < 0.18.70.18.8

Weakness Classification (CWE)

CWE-184

Timeline

Reserved2026-04-09
Published2026-04-09
Modified2026-04-13
EPSS updated2026-04-17

Mitigation and Workarounds

The primary mitigation for CVE-2026-40077 is to upgrade Beszel to version 0.18.7 or later. If upgrading is not immediately feasible, consider implementing stricter access controls within the Beszel environment to limit user privileges and restrict access to sensitive API endpoints. Review and audit existing user permissions to ensure least privilege principles are enforced. Monitoring API access logs for unusual activity can also help detect potential exploitation attempts.

How to fix

Update Beszel to version 0.18.7 or higher to mitigate the IDOR vulnerability. This update implements proper access checks to protect the hub API endpoints from unauthorized access.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-40077 — Authorization Bypass in Beszel?

CVE-2026-40077 is a LOW severity vulnerability in Beszel versions 0.0.0 through 0.18.6 that allows authenticated users to access system data if they know the system ID.

Am I affected by CVE-2026-40077 in Beszel?

You are affected if you are running Beszel versions 0.0.0 through 0.18.6. Upgrade to version 0.18.7 to resolve the issue.

How do I fix CVE-2026-40077 in Beszel?

Upgrade Beszel to version 0.18.7 or later. As a temporary workaround, implement stricter access controls and monitor API access logs.

Is CVE-2026-40077 being actively exploited?

There are currently no reports of active exploitation, but the vulnerability is publicly known.

Where can I find the official Beszel advisory for CVE-2026-40077?

Refer to the Beszel project's official communication channels and security advisories for the latest information.

NextGuard

Vulnerabilities

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan free

Search CVEs

What do these metrics mean?

Attack Vector: Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity: High — requires a race condition, non-default configuration, or specific circumstances. Harder to exploit reliably.
Privileges Required: Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction: None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope: Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
Confidentiality: Low — partial or indirect data access. Attacker gains limited information.
Integrity: None — no integrity impact. Attacker cannot modify data.
Availability: None — no availability impact. Service remains fully operational.