Impact
Netmaker, a platform that creates networks using WireGuard, contained a flaw that enabled any user to terminate the server by calling /api/server/shutdown. The endpoint triggered a SIGINT signal, causing the Netmaker server process to exit and automatically restart after a brief delay, inducing repeated downtime. The consequence is a denial of service that can be executed continually, disrupting network availability for all clients. The weakness is classified as a missing resource error (CWE‑404).
Affected Systems
Installations of gravitl Netmaker older than version 1.2.0 are affected. Version 1.2.0 was released to fix the shutdown endpoint behavior. Any environment running an earlier build is susceptible when the /api/server/shutdown endpoint is reachable.
Risk and Exploitability
The CVSS score of 8.7 indicates a high-impact vulnerability. The EPSS score is below 1 %, suggesting a low probability of exploitation at this time, and the issue is not listed in the KEV catalog. The likely attack vector is remote HTTP(S) requests to the shutdown endpoint; the description states that any user can trigger the flaw, so authentication, if present, may not be sufficient. An attacker who can reach the endpoint can repeatedly restart the server, leading to predictable 3‑second restart cycles that cause noticeable traffic disruption. However, the tool’s default configuration may limit endpoint exposure, so the practical risk depends on the network visibility of the API.
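To check whether the endpoint has been called repeatedly, the following added example (not part of the advisory or of Netmaker's code) scans access-log lines for requests to /api/server/shutdown and flags sources that hit it several times within a short window. It assumes a reverse proxy in front of the API writing "combined"-format logs; the sample lines, addresses, HTTP method, window and threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SHUTDOWN_PATH = "/api/server/shutdown"  # endpoint named in the advisory

# Assumption: "combined"-format access log from a reverse proxy in front of the API.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def shutdown_hits(lines):
    """Yield (source, time, status) for each request to the shutdown endpoint."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        path = m["target"].split("?", 1)[0].rstrip("/")
        if path == SHUTDOWN_PATH:  # any HTTP method counts
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["src"], ts, int(m["status"])

def repeated_shutdowns(lines, window=timedelta(minutes=1), threshold=3):
    """Return {source: max hits in any window} for sources reaching threshold."""
    by_src = defaultdict(list)
    for src, ts, _status in shutdown_hits(lines):
        by_src[src].append(ts)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide window start forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged

# Constructed sample lines (documentation addresses, assumed POST), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2025:10:00:01 +0000] "POST /api/server/shutdown HTTP/1.1" 200 0 "-" "client"',
    '203.0.113.20 - - [12/Mar/2025:10:00:03 +0000] "GET /api/example HTTP/1.1" 502 0 "-" "client"',
    '198.51.100.7 - - [12/Mar/2025:10:00:05 +0000] "POST /api/server/shutdown HTTP/1.1" 200 0 "-" "client"',
    '198.51.100.7 - - [12/Mar/2025:10:00:09 +0000] "POST /api/server/shutdown/ HTTP/1.1" 200 0 "-" "client"',
    '203.0.113.20 - - [12/Mar/2025:10:07:00 +0000] "POST /api/server/shutdown?x=1 HTTP/1.1" 200 0 "-" "client"',
]
```

On pre-1.2.0 installations, any hit reported by `shutdown_hits` is worth reviewing, since a single request is enough to restart the server.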