By vendor
Networktocode vulnerabilities
Known CVEs affecting Networktocode products, prioritized by severity, with SEC.co remediation and detection guidance.
4 published vulnerabilities
- CVE-2026-44797HIGH 8.5
Nautobot, a network automation and source-of-truth platform, contains a webhook configuration vulnerability that allows authenticated users to craft requests to internal hosts and IP addresses they should not be able to reach. This is functionally similar to server-side request forgery (SSRF) attacks, where the application itself becomes a proxy for malicious requests. An attacker with sufficient access could abuse this to scan internal networks, access restricted services, or exfiltrate data. The issue affects Nautobot versions prior to 2.4.33 and 3.1.2.
- CVE-2026-44798HIGH 7.1
A vulnerability in Nautobot allows authenticated users with GitRepository management permissions to manipulate an internal field (current_head) via the REST API that should not be user-editable. By setting this field to arbitrary values, an attacker could cause Nautobot's local repository clones to checkout outdated commits or become unusable entirely, creating operational disruption and potentially stale or corrupted network automation state. The issue affects versions prior to 2.4.33 and 3.1.2.
- CVE-2026-44796MEDIUM 6.5
Nautobot, a network automation and source-of-truth platform, contains a denial-of-service vulnerability in its bulk-rename feature. An authenticated attacker can craft malicious regular expressions in the 'find' field and enable the regex flag to cause the application to hang or become unresponsive, disrupting access for all users. The flaw affects versions before 2.4.33 and 3.1.2.
- CVE-2026-44794MEDIUM 5.4
Nautobot, a network automation platform, contains a permission bypass vulnerability in its REST API that affects how it validates references between database objects. When users create or update records that link to other objects in the system, the API fails to properly check whether the user has permission to view those referenced objects. This means an authenticated user could potentially reference objects they shouldn't have access to, leading to information disclosure or unintended modifications. The issue affects Nautobot versions before 2.4.33 and 3.1.2.