Tailscale Fixes Multiple Critical Vulnerabilities Including Root Access and DoS
TS-2026-009: Insecure argument handling in Tailscale SSH permitted root access

We released Tailscale version 1.98.9 to address several critical security flaws, including an SSH vulnerability that allowed attackers to bypass ACLs and gain root access via malformed usernames. The update also patches a denial-of-service issue in Tailscale Serve and Funnel caused by infinite loops, alongside fixes for insecure Unix socket handling and OAuth token leakage in audit logs.
"Specifically, if a user connected with the username -i this would have been interpreted as --no-idn and getent would have printed the entire passwd file contents starting with the root user, causing Tailscale to open an interactive root session."