Description
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on the attacker's account (such as writing sensitive data to the attacker's SSH target, or logging into an HTTP target that the attacker set up). This vulnerability is fixed in 0.23.3.
Published: 2026-05-12
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in the SSO flow of Warpgate, which fails to validate the state parameter returned after authentication. This allows an attacker to perform a cross‑site request forgery that forces a legitimate user to sign in with the attacker’s account and may lead the user to carry out sensitive actions on that account, such as writing data to the attacker’s SSH target or accessing malicious web targets set up by the attacker.

Affected Systems

Warp‑tech Warpgate, versions prior to 0.23.3. Users running any earlier release are impacted until the upgrade to 0.23.3 or a later patch that validates the state token.

Risk and Exploitability

The CVSS score of 5.8 indicates moderate severity. The EPSS score is not available, so the probability of exploitation is uncertain but could be low to moderate. The vulnerability is not listed in CISA's KEV catalog. The likely attack vector is web‑based; an attacker would need to lure a user to a crafted URL to trigger the CSRF and gain access to the attacker’s account.

Generated by OpenCVE AI on May 13, 2026 at 00:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Warpgate to version 0.23.3 or later which includes state parameter validation
  • Rotate or invalidate user sessions that may have been exposed during the attack window
  • Monitor logs for unauthorized SSH or HTTP actions originating from the users’ accounts

Generated by OpenCVE AI on May 13, 2026 at 00:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Warpgate Project
Warpgate Project warpgate
CPEs cpe:2.3:a:warpgate_project:warpgate:0.23.2:*:*:*:*:*:*:*
Vendors & Products Warpgate Project
Warpgate Project warpgate

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Warp-tech
Warp-tech warpgate
Vendors & Products Warp-tech
Warp-tech warpgate

Tue, 12 May 2026 23:15:00 +0000

Type Values Removed Values Added
Description Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on the attacker's account (such as writing sensitive data to the attacker's SSH target, or logging into an HTTP target that the attacker set up). This vulnerability is fixed in 0.23.3.
Title Warpgate: SSO CSRF -- State Token Not Validated on Return
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N'}

Subscriptions

Warp-tech Warpgate
Warpgate Project Warpgate
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-13T15:36:43.539Z

Reserved: 2026-05-05T19:52:59.148Z

Link: CVE-2026-44347

cve-icon Vulnrichment

Updated: 2026-05-13T15:35:29.779Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T23:16:18.340

Modified: 2026-05-14T14:27:40.027

Link: CVE-2026-44347

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T10:35:12Z

Weaknesses