CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24904

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In `tls_listener.rs`, `TlsListener::listen()` peeks 1024 bytes and calls `extract_client_random(...)`. If `parse_tls_plaintext` fails (for example, a fragmented/partial ClientHello split across TCP writes), `extract_client_random` returns `None`. In `rules.rs`, `RulesEngine::evaluate` only evaluates `client_random_prefix` when `client_random` is `Some(...)`. As a result, when extraction fails (`client_random == None`), any rule that relies on `client_random_prefix` matching is skipped and evaluation falls through to later rules. As an important semantics note: `client_random_prefix` is a match condition only. It does not mean "block non-matching prefixes" by itself. A rule with `client_random_prefix = ...` triggers its `action` only when the prefix matches (and the field is available to evaluate). Non-matches (or `None`) simply do not match that rule and continue to fall through. The vulnerability is fixed in version 0.9.115.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.0%

CVSS Severity

CVSS v3 Score 5.3

References

Products affected by CVE-2026-24904

Adguard » Trusttunnel » Version: 0.9.100

cpe:2.3:a:adguard:trusttunnel:0.9.100
Adguard » Trusttunnel » Version: 0.9.102

cpe:2.3:a:adguard:trusttunnel:0.9.102
Adguard » Trusttunnel » Version: 0.9.105

cpe:2.3:a:adguard:trusttunnel:0.9.105
Adguard » Trusttunnel » Version: 0.9.109

cpe:2.3:a:adguard:trusttunnel:0.9.109
Adguard » Trusttunnel » Version: 0.9.114

cpe:2.3:a:adguard:trusttunnel:0.9.114
Adguard » Trusttunnel » Version: 0.9.20

cpe:2.3:a:adguard:trusttunnel:0.9.20
Adguard » Trusttunnel » Version: 0.9.22

cpe:2.3:a:adguard:trusttunnel:0.9.22
Adguard » Trusttunnel » Version: 0.9.23

cpe:2.3:a:adguard:trusttunnel:0.9.23
Adguard » Trusttunnel » Version: 0.9.24

cpe:2.3:a:adguard:trusttunnel:0.9.24
Adguard » Trusttunnel » Version: 0.9.26

cpe:2.3:a:adguard:trusttunnel:0.9.26
Adguard » Trusttunnel » Version: 0.9.27

cpe:2.3:a:adguard:trusttunnel:0.9.27
Adguard » Trusttunnel » Version: 0.9.38

cpe:2.3:a:adguard:trusttunnel:0.9.38
Adguard » Trusttunnel » Version: 0.9.39

cpe:2.3:a:adguard:trusttunnel:0.9.39
Adguard » Trusttunnel » Version: 0.9.40

cpe:2.3:a:adguard:trusttunnel:0.9.40
Adguard » Trusttunnel » Version: 0.9.43

cpe:2.3:a:adguard:trusttunnel:0.9.43
Adguard » Trusttunnel » Version: 0.9.47

cpe:2.3:a:adguard:trusttunnel:0.9.47
Adguard » Trusttunnel » Version: 0.9.74

cpe:2.3:a:adguard:trusttunnel:0.9.74
Adguard » Trusttunnel » Version: 0.9.85

cpe:2.3:a:adguard:trusttunnel:0.9.85
Adguard » Trusttunnel » Version: 0.9.87

cpe:2.3:a:adguard:trusttunnel:0.9.87
Adguard » Trusttunnel » Version: 0.9.96

cpe:2.3:a:adguard:trusttunnel:0.9.96
Adguard » Trusttunnel » Version: 0.9.99

cpe:2.3:a:adguard:trusttunnel:0.9.99

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-24904

Products

Pricing

Contact Us