CVE-2026-44343

critical

Published 2026-05-12 · Modified 2026-05-19

CVSS v3

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

—

VIR risk

9.8

Description

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security-advisories@github.com — https://github.com/WGDashboard/WGDashboard/security/advisories/GHSA-rrf5-q4fp-qvgm

vendor Authored 2026-05-27

Vendor advisory: security-advisories@github.com — https://github.com/WGDashboard/WGDashboard/commit/b15bbce9bc5554ec379d558f032c730db47fcea2

Application impact

Vendor	Product	Versions	Fixed
wgdashboard	wgdashboard	`{"endExcluding":"4.3.2"}`	`4.3.2`

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.