Listen to this Post
How CVE-2026-XXXXX Works
This vulnerability resides in TSDProxy, a popular reverse proxy that integrates Docker containers with Tailscale networks. By default, TSDProxy enables the `identityHeaders` option, which is designed to forward Tailscale user identity information to backend services. However, a critical flaw in the implementation causes the proxy to also forward its internal per-process authentication token—the same secret used by the management HTTP server to trust Tailscale identity claims—via the `x-tsdproxy-auth-token` header.
The root cause is twofold. First, the `ProviderUserMiddleware` unconditionally calls WhoisNewContext, and the `ReverseProxy.Rewrite` function’s `WhoisFromContext` returns `ok=true` even for unauthenticated requests with a zero-value `Whois{}` struct. As a result, the `HeaderAuthToken` is set for every request when identityHeaders=true, regardless of the user’s authentication state.
Second, the management API’s `ResolveWhois` function trusts the `x-tsdproxy-id` header when the request originates from localhost (127.0.0.1) and the authentication token is valid. An attacker who obtains the leaked token can replay it from localhost to the management port (127.0.0.1:8080) with an arbitrary `x-tsdproxy-id` value, effectively bypassing Tailscale authentication entirely. This attack vector is viable in non-Docker deployments where TSDProxy and a backend share the same host, Docker containers using host-network mode, or containers sharing TSDProxy’s network namespace.
DailyCVE Form:
Platform: TSDProxy
Version: All versions prior to fix
Vulnerability: Auth Bypass via Token Leak
Severity: Critical
date: July 10, 2026
Prediction: Patch expected within days
What Undercode Say (Analytics)
Bash commands to reproduce the vulnerability:
Capture the leaked token from a backend header-reflection endpoint
TOKEN=$(curl -s http://localhost:3000/debug/headers | python3 -c "import sys,json; d=json.load(sys.stdin); print(d['headers'].get('X-Tsdproxy-Auth-Token',''))")
Replay the token from localhost to gain admin access to the management API
curl -H "x-tsdproxy-auth-token: $TOKEN" \
-H "x-tsdproxy-id: attacker" \
http://127.0.0.1:8080/api/v1/proxies
Affected code snippets:
// internal/proxymanager/port.go:123-132
// Auth token forwarded regardless of user authentication state
if identityHeaders {
if user, ok := model.WhoisFromContext(r.In.Context()); ok {
// ok=true even for empty Whois{} stored by ProviderUserMiddleware
r.Out.Header.Set(consts.HeaderAuthToken, core.ProxyAuthToken())
}
}
// internal/core/admin.go:160-182
// Management port trusts x-tsdproxy-id from localhost when token is valid
func ResolveWhois(r http.Request) model.Whois {
if IsLocalhost(r.RemoteAddr) {
return model.Whois{
ID: r.Header.Get(consts.HeaderID), // attacker-controlled after stealing token
}
}
return model.Whois{}
}
How Exploit:
- Token Leakage: An attacker with code execution on any backend service proxied by TSDProxy can read the `x-tsdproxy-auth-token` header from incoming HTTP requests.
- Localhost Replay: The attacker replays this token to the management API at `http://127.0.0.1:8080` from the same host, along with a forged `x-tsdproxy-id` header.
- Admin Access: The management API trusts the request because it originates from localhost and the token is valid, granting the attacker administrative privileges.
- Full Control: With admin access, the attacker can enumerate all proxy configurations, restart or pause services (causing Denial of Service), and trigger webhook deliveries (leading to Server-Side Request Forgery).
Protection:
– Upgrade: Apply the official patch that removes `HeaderAuthToken` from outgoing backend requests and guards identity-header injection on user.ID != "".
– Workaround: Disable the `identityHeaders` option if feasible.
– Network Segmentation: Ensure backend services cannot reach the management port (127.0.0.1:8080). Isolate TSDProxy’s network namespace from untrusted backends.
– Monitoring: Monitor for unusual access to the management API or unexpected `x-tsdproxy-auth-token` headers in backend logs.
Impact:
- Authentication Bypass: Complete bypass of Tailscale authentication.
- Full Management API Control: Attacker gains administrative access to TSDProxy.
- Denial of Service: Ability to restart or pause all proxied services.
- Information Disclosure: Enumeration of all proxy configurations and backend network topology.
- Server-Side Request Forgery (SSRF): Triggering webhook deliveries to internal or external targets.
🎯Let’s Practice Exploiting & Learn Patching For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

