Prototype Read Vulnerability in Signal K Server by Signal K
CVE-2026-35038

2.1LOW

Key Information:

Vendor: Signalk
Status: Signalk-server
Vendor: CVE Published:; 2 April 2026

What is CVE-2026-35038?

The Signal K Server, a central hub application for maritime environments, contains a vulnerability that allows low-privileged authenticated users to bypass prototype boundary filtering. This results in unauthorized access to internal functions and properties associated with the global prototype object. This breach of data isolation permits users to read more data than intended, potentially leading to unauthorized information disclosure. The vulnerability has been addressed in version 2.24.0, which mitigates the associated risks.

Affected Version(s)

signalk-server < 2.24.0

References

https://github.com/SignalK/signalk-server/security/adviso...

x_refsource_CONFIRM

https://github.com/SignalK/signalk-server/releases/tag/v2...

x_refsource_MISC

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Mar 31, 2026

CVE-2026-35038 Data

JSON

Signalk

What is CVE-2026-35038?

Affected Version(s)

References

CVSS V4

Timeline