EXECUTIVE SUMMARY:
A high-severity vulnerability, CVE-2026-25793, was discovered in Nebula, an open-source scalable overlay networking tool, affecting versions in which P256 certificates are used. Because ECDSA signatures are malleable, an attacker with access to a private key could generate a functionally equivalent certificate with a different fingerprint that bypasses existing blocklist entries, undermining blocklist-based defenses and enabling unauthorized network operations. Exploitation requires specific conditions, including the use of P256 certificates, valid blocklist entries, and possession of a corresponding private key; if these are met, an adversary could evade cryptographic filters and maintain undetected communication within compromised environments. Mitigation is available by updating to a patched release; temporary workarounds include adding the alternate signature fingerprints to blocklists or rotating certificate authorities. The vulnerability has a CVSS score of 7.6.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details: