SignalK — Vulnerabilities & Security Advisories (14)

Browse all 14 CVE security advisories affecting SignalK. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SignalK provides maritime data integration by standardizing vessel sensor information for navigation and monitoring systems. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and authentication flaws. The platform's exposure to network-connected maritime infrastructure increases its attack surface. While no major public incidents have been widely documented, the 13 recorded CVEs highlight persistent security concerns in its API implementations and web interfaces. Organizations implementing SignalK should prioritize regular patching and network segmentation to mitigate risks associated with these historically exploited weaknesses in connected maritime environments.

Top products by SignalK: signalk-server
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41893 | Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force) | signalk-server | CWE-307 | 9.1 (AI) | Critical (AI) | 2026-05-09 |
| CVE-2026-39320 | Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths | signalk-server | CWE-400 | 7.5 | High | 2026-04-21 |
| CVE-2026-35038 | signalk-server: Arbitrary Prototype Read via `from` Field Bypass | signalk-server | CWE-20 | 6.5 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34083 | signalk-server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow | signalk-server | CWE-346 | 6.1 | Medium | 2026-04-02 |
| CVE-2026-33951 | signalk-server: Unauthenticated Source Priorities Manipulation | signalk-server | CWE-284 | 7.5 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-33950 | signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity | signalk-server | CWE-285 | 9.4 | Critical | 2026-04-02 |
| CVE-2026-25228 | SignalK Server has Path Traversal leading to information disclosure | signalk-server | CWE-22 | 5.0 | Medium | 2026-02-02 |
| CVE-2026-23515 | RCE - Command Injection in Signal K set-system-time plugin | signalk-server | CWE-78 | 10.0 | Critical | 2026-02-02 |
| CVE-2025-69203 | Signal K Server Vulnerable to Access Request Spoofing | signalk-server | CWE-290 | 6.3 | Medium | 2026-01-01 |
| CVE-2025-68619 | Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package | signalk-server | CWE-94 | 9.1 | - | 2026-01-01 |
| CVE-2025-68620 | Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling | signalk-server | CWE-288 | 9.1 | Critical | 2026-01-01 |
| CVE-2025-68273 | Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints | signalk-server | CWE-200 | 5.3 | Medium | 2026-01-01 |
| CVE-2025-68272 | Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding | signalk-server | CWE-400 | 7.5 | High | 2026-01-01 |
| CVE-2025-66398 | Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE) | signalk-server | CWE-78 | 9.7 | Critical | 2026-01-01 |

This page lists every published CVE security advisory associated with SignalK. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.