
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-40077: Insecure Direct Object Reference in Beszel Hub API

Vulnerability ID: CVE-2026-40077
CVSS Score: 3.5
Published: 2026-04-10

CVE-2026-40077 is an Insecure Direct Object Reference (IDOR) vulnerability in the Beszel Hub API prior to version 0.18.7. The flaw allows authenticated users to bypass authorization controls and access sensitive container logs, retrieve systemd metadata, or trigger SMART disk scans on monitoring agents belonging to other users.

TL;DR

An IDOR flaw in Beszel Hub allows authenticated users to access other users' systems by providing a 15-character system ID. The patch in version 0.18.7 introduces explicit ownership validation.

⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-184, CWE-639
  • Attack Vector: Network
  • CVSS Base Score: 3.5
  • EPSS Percentile: 14.91%
  • Impact: Information Disclosure
  • Exploit Status: Proof-of-Concept
  • KEV Listed: False

Affected Systems

  • Beszel Hub API
  • Beszel Monitoring Agents
  • Beszel: < 0.18.7 (Fixed in: 0.18.7)

Code Analysis

Commit: ba10da1

Core Authorization Patch: Adds HasUser() check to API routes.

Commit: 5463a38

Middleware Refactor Patch: Introduces requireAdminRole and excludeReadOnlyRole.
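To show the shape of the ownership check the patch summary describes, here is an added example in Go (Beszel's language) that is not Beszel's code: the `System` type, the in-memory `store`, the `hasUser` helper and the two lookup functions are all hypothetical stand-ins, with the "before" lookup returning any record whose ID is known and the "after" lookup requiring that the caller is associated with the record.

```go
package main

import "errors"

// System is a hypothetical stand-in for a monitored-system record in the hub;
// Users lists the user IDs allowed to see it (an assumption for this example).
type System struct {
	ID    string
	Users []string
}

// store is a constructed in-memory table keyed by the 15-character system ID.
type store map[string]*System

// ErrNotFound is returned for unknown IDs and, after the fix, also for IDs the
// caller is not associated with, so a 404 never confirms that an ID exists.
var ErrNotFound = errors.New("system not found")

// hasUser plays the role of the HasUser() check named in the patch summary.
func hasUser(s *System, userID string) bool {
	for _, u := range s.Users {
		if u == userID {
			return true
		}
	}
	return false
}

// lookupVulnerable models the pre-0.18.7 behaviour: a valid system ID is
// enough, whichever authenticated user supplies it.
func lookupVulnerable(db store, _ string, systemID string) (*System, error) {
	if s, ok := db[systemID]; ok {
		return s, nil
	}
	return nil, ErrNotFound
}

// lookupFixed adds the ownership check and keeps the failure path identical
// for "unknown ID" and "not your system".
func lookupFixed(db store, userID, systemID string) (*System, error) {
	if s, ok := db[systemID]; ok && hasUser(s, userID) {
		return s, nil
	}
	return nil, ErrNotFound
}
```

Returning the same not-found error for both cases is what makes the 404 pattern in the mitigation section worth monitoring: a burst of 404s against the proxy endpoints from one account is the visible trace of guessed or borrowed system IDs being rejected.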

Exploit Details

  • GitHub Advisory: Proof-of-Concept logic documented in advisory, outlining target endpoint queries.

Mitigation Strategies

  • Upgrade Beszel Hub to version 0.18.7 or later, which adds the HasUser authorization checks to the affected API routes.
  • Audit Beszel Hub user roles and restrict untrusted users to the 'readonly' role.
  • Monitor API access logs for anomalous HTTP 404 errors targeting the custom proxy endpoints.

Remediation Steps:

  1. Verify the current version of the Beszel Hub installation.
  2. Pull the latest Beszel Hub container image (v0.18.7 or newer).
  3. Restart the Beszel Hub service.
  4. Review the internal/hub API access logs for signs of unauthorized cross-system queries.

Read the full report for CVE-2026-40077 on our website for more details including interactive diagrams and full exploit analysis.
