FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tailscale -- Multiple vulnerabilities

Affected packages
tailscale < 1.98.9

Details

VuXML ID 272a2772-8367-11f1-82b9-901b0e9408dc
Discovery 2026-06-03
Entry 2026-07-19

Tailscale team reports:

Tailscale SSH Unix socket forwarding respects symlink permissions. This fix addresses a security vulnerability described in TS-2026-004.

Tailscale Serve Unix socket proxy targets are restricted to the root user. This fix addresses a security vulnerability described in TS-2026-005.

Tailscale SSH does not allow the use of UIDs or numeric-only usernames. This fix addresses a security vulnerability described in TS-2026-006.

Nodes advertising Tailscale Services filter and reject packets from service IPs on ports they do not advertise. This fix addresses a security vulnerability described in TS-2026-007.

Tailscale Serve and Tailscale Funnel terminate path walks for non-absolute paths, preventing CPU core pinning. This fix addresses a security vulnerability described in TS-2026-008.

Tailscale SSH does not allow the use of usernames with leading dashes. This fix addresses a security vulnerability described in TS-2026-009.

References

URL https://tailscale.com/changelog#2026-07-14