CVE-2026-46484 - Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user
CVE ID :CVE-2026-46484 Published : June 8, 2026, 8:17 p.m. | 58 minutes ago Description :Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node...