Vulnerability Description
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In `tls_listener.rs`, `TlsListener::listen()` peeks 1024 bytes and calls `extract_client_random(...)`. If `parse_tls_plaintext` fails (for example, a fragmented/partial ClientHello split across TCP writes), `extract_client_random` returns `None`. In `rules.rs`, `RulesEngine::evaluate` only evaluates `client_random_prefix` when `client_random` is `Some(...)`. As a result, when extraction fails (`client_random == None`), any rule that relies on `client_random_prefix` matching is skipped and evaluation falls through to later rules. As an important semantics note: `client_random_prefix` is a match condition only. It does not mean "block non-matching prefixes" by itself. A rule with `client_random_prefix = ...` triggers its `action` only when the prefix matches (and the field is available to evaluate). Non-matches (or `None`) simply do not match that rule and continue to fall through. The vulnerability is fixed in version 0.9.115.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adguard | Trusttunnel | < 0.9.115 |
Related Weaknesses (CWE)
References
- https://github.com/TrustTunnel/TrustTunnel/commit/aa5060145506952b9431b0ed3edb52Patch
- https://github.com/TrustTunnel/TrustTunnel/security/advisories/GHSA-fqh7-r5gf-3rExploitVendor AdvisoryPatch
FAQ
What is CVE-2026-24904?
CVE-2026-24904 is a vulnerability with a CVSS score of 5.3 (MEDIUM). TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In `tls_listener.rs`, `TlsListener::listen()` peeks 1024 bytes and calls `extract_client_random(...)`....
How severe is CVE-2026-24904?
CVE-2026-24904 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-24904?
Check the references section above for vendor advisories and patch information. Affected products include: Adguard Trusttunnel.