Hasty Briefsbeta

Bilingual

TS-2026-009: Insecure argument handling in Tailscale SSH permitted root access

3 hours ago
  • #security-vulnerability
  • #privilege-escalation
  • #denial-of-service
  • A malformed HTTP request without a leading '/' could cause infinite CPU usage in Tailscale Serve/Funnel.
  • Tailscale SSH allowed usernames with leading '-', enabling root access bypass on Linux via '-i' username.
  • Both vulnerabilities are fixed in Tailscale version 1.98.9 or newer.
  • Affected nodes running Serve/Funnel or SSH on versions before 1.98.9 require immediate upgrade.