Warpgate Project Warpgate — known CVE vulnerabilities
Every CVE whose affected-product data names Warpgate Project Warpgate, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-43410 — CVSS 7.5 (high): Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh…
CVE-2026-42189 — CVSS 7.5 (high): Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the…
CVE-2023-48712 — CVSS 7.1 (high): Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability…
CVE-2025-54804 — CVSS 6.5 (medium): Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to…
CVE-2023-37268 — CVSS 6.4 (medium): Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO…
CVE-2026-44347 — CVSS 5.8 (medium): Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state…
CVE-2023-43660 — CVSS 4.8 (medium): Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user…