Filtered by vendor Mega-fence Project
Subscriptions
Filtered by product Mega-fence
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65328 | 1 Mega-fence Project | 1 Mega-fence | 2026-01-30 | 6.5 Medium |
| Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant state (e.g., WG_CLIENT_IP cookie). Deployments that rely on this value for IP allowlists may be bypassed. | ||||
Page 1 of 1.