Description

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.

Related CPE's

a

signalk

signal_k_server

Vulnerable

References

https://github.com/SignalK/signalk-server/releases/tag/v2.19.0

Release Notes

https://github.com/SignalK/signalk-server/security/advisories/GHSA-fpf5-w967-rr2m

ExploitVendor Advisory

Weaknesses

[email protected]

Primary
CWE-200

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-01T19:15:53.630Z

3 weeks ago

Last modified

2026-01-06T17:58:57.153Z

2 weeks ago