Full Report
Tailscale is a mesh VPN service: nodes establish WireGuard connections to one another on demand. Web page code delivered to a VPN user's browser runs in its V8 engine, so the browser's security features, such as the restrictions on connecting to privileged sockets and the Same-Origin Policy (SOP), apply as well. The setup was vulnerable to DNS rebinding attacks: although the original DNS request resolved the attacker's domain to one address, the next DNS request resolves it to something else. What would be good to map to? 127.0.0.1 or localhost, of course! Since we are now on localhost, we have permission to call the whole API without any authentication, which lets us introspect and reconfigure the tailscaled binary used for configuring the service.

What can we do with this issue? Accessing private keys from the node is possible. Many other things can be hit using the previous vulnerability: a PATCH request to the preferences API can be used to change the control plane server, which gives us backdoored access to the network this computer is on. The AuthURL is passed as a parameter to open in a web browser, so it can be used to open arbitrary binaries from the internet; absolutely amazing. A binary fetched this way carries the Mark of the Web, meaning the user is asked whether or not it can be executed. But the application can be configured so that the proxy does NOT mark downloads with the Mark of the Web! This means we can download an executable to the local machine and use the previous bug to execute it without any further prompts.

After getting code execution on the device, they go further into how DNS rebinding affects different browsers and operating systems. They learned that the attack worked fine locally but NOT remotely because of the browser protections in Chrome; Firefox was exploitable from a remote context though. The tailscaled server also runs a web server at 100.100.100.100. Since this isn't considered a private address, it is vulnerable to rebinding attacks as well, and they found that the PeerAPI was vulnerable to rebinding too. Tailscale's security model uses authentication based on network position, which is not a great thing to do given the threat of DNS rebinding. Overall, an interesting piece of research into the VPN and a good representation of the dangers of DNS rebinding. Good work!
Analysis Summary
# Vulnerability: Remote Code Execution via DNS Rebinding in Tailscale LocalAPI
## CVE Details
- **CVE ID:** CVE-2022-41924
- **CVSS Score:** 9.6 (Critical) - *Estimate based on impact; vendor advisory classifies as High/Critical.*
- **CWE:** CWE-350 (Reliance on Reverse DNS Resolution for Security-Critical Decisions), CWE-290 (Authentication Bypass by Spoofing)
## Affected Systems
- **Products:** Tailscale Client
- **Versions:** All versions prior to v1.32.3
- **Configurations:**
  - Windows machines are at highest risk due to the LocalAPI binding to a TCP port (`127.0.0.1:41112`).
  - Systems running web browsers (Chrome, Firefox) that can be induced to visit malicious websites.
  - Services on the "Tailnet" using 100.100.100.100 (PeerAPI) without Host header validation.
## Vulnerability Description
The vulnerability stems from the Tailscale LocalAPI (specifically on Windows) and the PeerAPI (across platforms) failing to validate the HTTP `Host` header. On Windows the API is exposed on a TCP loopback socket and relied only on simple IP-based authentication: any request arriving from the local machine was trusted.
An attacker can use **DNS Rebinding** to bypass the Same-Origin Policy (SOP). By tricking a user into visiting a malicious site, the attacker's domain initially resolves to a remote IP but then "rebinds" to `127.0.0.1` or `100.100.100.100`. The browser, believing it is still talking to the attacker's site, sends requests to the local Tailscale API. Because the API did not verify that the `Host` header matched an expected value, it processed these unauthorized requests.
## Exploitation
- **Status:** PoC Available / Documented by researchers.
- **Complexity:** Medium (Requires DNS rebinding setup and user interaction).
- **Attack Vector:** Network (Remote via Browser).
## Impact
- **Confidentiality:** Total. Attackers can steal private keys, node information, and read configuration.
- **Integrity:** Total. Attackers can reconfigure the `tailscaled` binary, change the control plane server (backdoor the network), and modify preferences.
- **Availability:** High. Attackers can disconnect the node or alter routing.
- **Remote Code Execution (RCE):** By chaining the API access, attackers can update the `AuthURL` to point to a malicious binary. On Windows, they can trigger the browser to download and execute files without "Mark of the Web" warnings by disabling proxy security features via the API.
## Remediation
### Patches
- **Update to Tailscale v1.32.3 or later.** Tailscale does not always auto-update; administrators must verify versions via the admin console.
### Workarounds
- Implement an allowlist of expected HTTP `Host` headers for any non-HTTPS web services running on your Tailnet.
- Use Tailscale’s built-in TLS certificate support to enforce HTTPS (via Caddy or native support), which mitigates rebinding since the attacker cannot provide a valid TLS certificate for the local/internal domain.
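The `Host` header allowlist described in the workaround above, as an added example (not Tailscale's own code) of how a loopback API can refuse a rebound request: the browser still sends the attacker's domain in `Host` even though the TCP connection lands on 127.0.0.1, so the check in the description above fails closed. The names `allowedHosts`, `hostAllowed` and `requireKnownHost`, and the port 8080, are assumptions for illustration.

```go
package main

import (
	"net"
	"net/http"
	"strings"
)

// Hosts a loopback API should accept in the Host header. These values are
// assumed for illustration (the loopback and 100.100.100.100 addresses
// named in this report); a real deployment lists the names its clients use.
var allowedHosts = map[string]bool{
	"127.0.0.1":       true,
	"localhost":       true,
	"100.100.100.100": true,
}

// hostAllowed reports whether a Host header value (with optional port)
// names an expected host. A rebound request still carries the attacker's
// domain in Host even though it reached the loopback socket, so it fails.
func hostAllowed(hostHeader string) bool {
	h := strings.ToLower(strings.TrimSpace(hostHeader))
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	return allowedHosts[strings.Trim(h, "[]")]
}

// requireKnownHost refuses requests whose Host header is not on the
// allowlist before they reach the API handler.
func requireKnownHost(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !hostAllowed(r.Host) {
			http.Error(w, "unexpected Host header", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("ok\n"))
	})
	// Port is assumed for illustration; bind loopback only.
	http.ListenAndServe("127.0.0.1:8080", requireKnownHost(api))
}
```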
## Detection
- **Indicators of Compromise:** Unusual DNS traffic patterns (short TTLs, shifting IPs for a single domain, especially a public name that suddenly resolves to 127.0.0.1 or 100.100.100.100). Unexpected changes to Tailscale configuration (e.g., modified `UnsecureServerURL` or `LoginServer`).
- **Detection methods:** Audit Tailscale logs for LocalAPI calls originating from unexpected browser-based user agents or containing suspicious domain names in the headers.
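The DNS-side indicator above (one name whose short-TTL answers shift from a public address to a loopback or Tailscale-range address), as an added detection example that is not part of the original report. The log format, the names `findRebinds` and `isInternal`, and the sample lines are constructed for illustration; the threshold of 60 seconds is an assumption.

```go
package main

import (
	"net"
	"strconv"
	"strings"
)

// Constructed resolver log for this example (not a real product format):
// one answer per line as "<qname> <answer-ip> <ttl-seconds>".
const sampleLog = `cdn.example 203.0.113.10 3600
rebind.attacker.example 198.51.100.7 1
rebind.attacker.example 127.0.0.1 1
quad.attacker.example 198.51.100.9 1
quad.attacker.example 100.100.100.100 1`

// CGNAT block Tailscale draws node addresses from; it contains 100.100.100.100.
var cgnat = func() *net.IPNet { _, n, _ := net.ParseCIDR("100.64.0.0/10"); return n }()

// isInternal: loopback, RFC 1918 space, or the CGNAT block above.
func isInternal(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || cgnat.Contains(ip)
}

// findRebinds returns names whose answers moved from an external address to
// an internal one with TTL <= maxTTL. Malformed lines are skipped; each name
// is reported once, in order of first detection.
func findRebinds(log string, maxTTL int) []string {
	seenExternal, flagged := map[string]bool{}, map[string]bool{}
	var out []string
	for _, line := range strings.Split(log, "\n") {
		f := strings.Fields(line)
		if len(f) != 3 {
			continue
		}
		name, ip := f[0], net.ParseIP(f[1])
		ttl, err := strconv.Atoi(f[2])
		if ip == nil || err != nil {
			continue
		}
		if !isInternal(ip) {
			seenExternal[name] = true
		} else if seenExternal[name] && ttl <= maxTTL && !flagged[name] {
			flagged[name] = true
			out = append(out, name)
		}
	}
	return out
}
```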
## References
- Tailscale Security Bulletin TS-2022-004: `https://tailscale.com/security-bulletins/`
- Tailscale Blog: `https://tailscale.com/blog/windows-security-vulnerabilities/`
- Vulnerability Research: `https://emily.id.au/CVE-2022-41924`
- Hardening Guide: `https://tailscale.com/kb/1196/security-hardening/#prevent-dns-rebinding-attacks`