vulnerability
FreeBSD: VID-ee6936da-0ddd-11ef-9c21-901b0e9408dc: tailscale -- Insufficient inbound packet filtering in subnet routers and exit nodes
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | May 9, 2024 | Dec 10, 2025 | Dec 10, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
May 9, 2024
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Tailscale team reports: In Tailscale versions earlier than 1.66.0, exit nodes, subnet routers, and app connectors, could allow inbound connections to other tailnet nodes from their local area network (LAN). This vulnerability only affects Linux exit nodes, subnet routers, and app connectors in tailnets where ACLs allow "src": "*", such as with default ACLs.
Solution
freebsd-upgrade-package-tailscale
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.