Nebula

v1.10.3 Security

This release patches 2 CVEs for security teams tracking exposure across their dependency inventory.

Published 3mo VPN & Tunnels

View tool

2 patched CVEs

Read the diff → Tool health → What is this tool? →

This release patches 2 known CVEs GHSA-69x3-g4r3-p962 GO-2026-4458

2 CVEs patched

Summary

AI summary

Security fix for P256 curve blocklist bypass vulnerability allowing invalid certificates to be accepted. Both signature representations now validated. New certificates clamped to low-s form. Improved tun device naming error reporting.

Breaking Changes

P256 signature validation enforcement

Security Fixes

GHSA-69x3-g4r3-p962 (P256 blocklist bypass)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Nebula

Get notified when new releases ship.

About Nebula

A scalable overlay networking tool with a focus on performance, simplicity and security

All releases →

Related context

Related tools

Beta — feedback welcome: [email protected]