Argument injection in Tailscale SSH let non-root users grab a root shell
Original source
TS-2026-009: Insecure argument handling in Tailscale SSH permitted root access
Hacker News →Tailscale patched two flaws in version 1.98.9, disclosed as TS-2026-009 and TS-2026-008. The more serious, TS-2026-009, was a classic argument-injection bug in Tailscale SSH on Linux. Usernames were passed unsanitized to getent(1), so a username beginning with a dash was parsed as a command-line flag rather than a name. Connecting as the user “-i” was read as getent’s —no-idn option, which dumped the entire passwd file starting at root and dropped the attacker into an interactive root session. Any user with SSH access to a node — including those meant to be confined by autogroup:nonroot ACL restrictions — could escalate to root, defeating the access-control policy entirely. The fix simply rejects usernames with leading dashes.
The companion bug, TS-2026-008, was a denial-of-service issue in Tailscale Serve and Funnel. The proxy resolved request handlers by walking the request path upward one directory at a time, assuming the walk would always terminate at the root path ”/”. A request whose path didn’t start with a slash never hit that terminating condition, so the loop spun forever. With no request timeout to stop it, a single malformed HTTP request pinned one CPU core at 100% for the life of the process. The blast radius depended on exposure: Serve could be hit by any peer on the tailnet, while Funnel could be triggered by any unauthenticated host on the public internet.
Both issues were reported by Anthropic and Ada Logics. Operators running Tailscale SSH, Serve, or Funnel should upgrade to 1.98.9 or later; there is no configuration-only mitigation.
Read the full article
Continue reading at Hacker News →This is an AI-generated summary. Read the original for the full story.