{"id":"GO-2026-5698","summary":"nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.) in github.com/juev/nebula-mesh","details":"nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Options, HSTS, etc.) in github.com/juev/nebula-mesh","aliases":["CVE-2026-47723","GHSA-w7w5-5gcp-38rw"],"modified":"2026-06-25T23:01:38.778188179Z","published":"2026-06-25T22:34:38Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2026-5698"},"references":[{"type":"ADVISORY","url":"https://github.com/juev/nebula-mesh/security/advisories/GHSA-w7w5-5gcp-38rw"},{"type":"WEB","url":"https://github.com/forgekeep/nebula-mesh/commit/b45fda5476c41ffcff1ca23058aef0fb851359c1"},{"type":"WEB","url":"https://github.com/forgekeep/nebula-mesh/releases/tag/v0.3.1"}],"affected":[{"package":{"name":"github.com/juev/nebula-mesh","ecosystem":"Go","purl":"pkg:golang/github.com/juev/nebula-mesh"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.3.1"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-5698.json"}}],"schema_version":"1.7.5"}