CVE-2026-27899P2HIGHCVSS 8.8fixed in 2.1.32026-02-26
CVE-2026-27899 [HIGH] CWE-269 CVE-2026-27899: WireGuard Portal (or wg-portal) is a web-based configuration portal for WireGuard server management.
WireGuard Portal (or wg-portal) is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with `"IsAdmin": true` in the JSON body. After logging out and back in, the session picks up adm
nvd