CVE-2026-39880 — MEDIUM (5.0)

Q: How severe is CVE-2026-39880?

CVE-2026-39880 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-39880?

Check the references section above for vendor advisories and patch information. Affected products include: Remnawave Remnawave Backend.

Vulnerability Description

Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configured limit for HWID devices and register more devices than expected, allowing them to resell subscriptions and consume excessive traffic. This vulnerability is fixed in 2.7.5.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Remnawave	Remnawave Backend	<= 2.7.4

Related Weaknesses (CWE)

CWE-362

References

https://github.com/remnawave/backend/security/advisories/GHSA-985p-44h5-v3pqExploitVendor Advisory

FAQ

What is CVE-2026-39880?

CVE-2026-39880 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configu...

How severe is CVE-2026-39880?

CVE-2026-39880 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-39880?

Check the references section above for vendor advisories and patch information. Affected products include: Remnawave Remnawave Backend.