github.com/netbirdio/netbird is vulnerable to Race Condition
40
Medium Risk
Affected versions of this package are vulnerable to a privilege escalation issue caused by a race condition in the user role validation logic. During role updates, concurrent requests could temporarily rely on stale role data, allowing permission checks to succeed even though the user’s role was being downgraded. Under specific timing conditions—such as when an administrator was being demoted while simultaneously performing account ownership operations—this race window could allow actions requiring elevated privileges to proceed. In coordinated scenarios involving multiple administrator accounts, this could potentially result in unauthorized role changes or ownership transfers. The issue is fixed by ensuring role validation is performed against consistent and up-to-date role data during role updates, eliminating the race condition and preventing privilege escalation.
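The check-then-act pattern described above, next to a version that validates the role in the same critical section as the write. This is an added Go example, not NetBird's code: the `Store` type, its methods, the user names, and the rule that only admins may transfer ownership are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

var ErrDenied = errors.New("initiator is not an admin")

// Store is a hypothetical account store for this example, not NetBird's types.
type Store struct {
	mu    sync.Mutex
	admin map[string]bool
	owner string
}

// TransferStale authorizes on a role value read before the lock was taken.
func (s *Store) TransferStale(wasAdmin bool, to string) error {
	if !wasAdmin {
		return ErrDenied
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.owner = to
	return nil
}

// Transfer re-reads the role in the same critical section as the write.
func (s *Store) Transfer(initiator, to string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if !s.admin[initiator] {
		return ErrDenied
	}
	s.owner = to
	return nil
}

// Replay runs one fixed interleaving on constructed data (single goroutine).
func Replay() (owner string, staleErr, fixedErr error) {
	s := &Store{admin: map[string]bool{"alice": true}, owner: "root"}
	snapshot := s.admin["alice"]                // request A reads alice's role
	s.admin["alice"] = false                    // request B commits her demotion
	fixedErr = s.Transfer("alice", "bob")       // denied: sees the demotion
	staleErr = s.TransferStale(snapshot, "bob") // allowed: trusts the old read
	return s.owner, staleErr, fixedErr
}

func main() { fmt.Println(Replay()) }
```

In a database-backed service the equivalent of the lock is reading the initiator's role inside the same transaction that applies the change, with row locking or a serializable isolation level.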
You are affected if you are using a version that falls within the vulnerable range.
github.com/netbirdio/netbird is vulnerable to Race Condition in versions 0.33.0 - 0.65.2.
Upgrade the github.com/netbirdio/netbird library to a patched version.