Browse all 3 CVE security advisories affecting tailscale. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Tailscale provides a secure mesh networking solution that simplifies connectivity between devices and resources. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation issues. The platform maintains security through encrypted WireGuard-based connections and automatic firewall management. While Tailscale has addressed security proactively, its three recorded CVEs highlight potential risks in client components and access controls. The service's zero-trust architecture reduces attack surfaces, though misconfigurations could expose networks. No major security incidents have been publicly reported, but the limited CVE history suggests ongoing vigilance is required for organizations implementing the solution.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-28436 | Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process | tailscale | CWE-269 | 5.7 | Medium | 2023-03-23 |
| CVE-2022-41924 | Tailscale Windows daemon is vulnerable to RCE via CSRF | tailscale | CWE-346 | 8.8 | - | 2022-11-23 |
| CVE-2022-41925 | Tailscale daemon is vulnerable to information disclosure via CSRF | tailscale | CWE-352 | 8.0 | - | 2022-11-23 |

This page lists every published CVE security advisory associated with tailscale. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.