Vulnerability Details CVE-2026-24902
TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0.9.114. In `tcp_forwarder.rs`, SSRF protection for `allow_private_network_connections = false` was only applied in the `TcpDestination::HostName(peer)` path. The `TcpDestination::Address(peer) => peer` path proceeded to `TcpStream::connect()` without equivalent checks (for example `is_global_ip`, `is_loopback`), allowing loopback/private targets to be reached by supplying a numeric IP. The vulnerability is fixed in version 0.9.114.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.8%
CVSS Severity
CVSS v3 Score 7.1
References
Products affected by CVE-2026-24902
-
cpe:2.3:a:adguard:trusttunnel:0.9.100
-
cpe:2.3:a:adguard:trusttunnel:0.9.102
-
cpe:2.3:a:adguard:trusttunnel:0.9.105
-
cpe:2.3:a:adguard:trusttunnel:0.9.109
-
cpe:2.3:a:adguard:trusttunnel:0.9.20
-
cpe:2.3:a:adguard:trusttunnel:0.9.22
-
cpe:2.3:a:adguard:trusttunnel:0.9.23
-
cpe:2.3:a:adguard:trusttunnel:0.9.24
-
cpe:2.3:a:adguard:trusttunnel:0.9.26
-
cpe:2.3:a:adguard:trusttunnel:0.9.27
-
cpe:2.3:a:adguard:trusttunnel:0.9.38
-
cpe:2.3:a:adguard:trusttunnel:0.9.39
-
cpe:2.3:a:adguard:trusttunnel:0.9.40
-
cpe:2.3:a:adguard:trusttunnel:0.9.43
-
cpe:2.3:a:adguard:trusttunnel:0.9.47
-
cpe:2.3:a:adguard:trusttunnel:0.9.74
-
cpe:2.3:a:adguard:trusttunnel:0.9.85
-
cpe:2.3:a:adguard:trusttunnel:0.9.87
-
cpe:2.3:a:adguard:trusttunnel:0.9.96
-
cpe:2.3:a:adguard:trusttunnel:0.9.99