gravitational/teleport

gravitational/teleport

Releases6.72K

Frequency13 hours

Last Release about 15 hours ago

Stars20.4K

The easiest, and most secure way to access and protect all of your infrastructure.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-49825 ↗	Jun 17, 2025Tuesday, 17 June 2025, 22:15	9.8 CRITICAL	—
Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.
CVE-2022-36633 ↗	Aug 24, 2022Wednesday, 24 August 2022, 13:15	8.8 HIGH	—
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.
CVE-2021-41393 ↗	Sep 18, 2021Saturday, 18 September 2021, 16:15	9.8 CRITICAL	7.5 HIGH
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVE-2021-41394 ↗	Sep 18, 2021Saturday, 18 September 2021, 16:15	5.3 MEDIUM	5 MEDIUM
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVE-2021-41395 ↗	Sep 18, 2021Saturday, 18 September 2021, 16:15	6.5 MEDIUM	6.4 MEDIUM
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.