A critical zero-day vulnerability has been discovered in Atlas VPN’s Linux client [1] [4] [5] [7] [8], version 1.0.3 [2] [4] [9], which is based on WireGuard. This vulnerability poses a significant privacy risk to users as it allows an attacker to expose a user’s actual IP address by simply visiting a website [9].


The exploit takes advantage of an unauthenticated API endpoint in the Linux client [5] [8], which listens on localhost without authentication [6] [9]. This means that anyone [2], including websites [9], can issue commands to the VPN client’s command-line interface [2] [5] [8] [9]. By tricking a user into visiting a website [6], the attacker can disconnect the VPN session and reveal the user’s IP address [2] [5] [9]. The exploit bypasses Cross-Origin Resource Sharing (CORS) protections in web browsers [6] [9], making it even more dangerous. A proof of concept exploit has been shared on Reddit [2] [5] [8], demonstrating how the API can be abused to reveal a user’s IP address [5] [8].

The vulnerability is related to the HTTP server used by Atlas VPN for accepting CLI commands [4], which does not have any authentication in place [4]. This allows unauthorized access to the server [4], enabling threat actors to disconnect the VPN and potentially leak the user’s IP address [4]. The researcher who discovered the vulnerability initially contacted Atlas VPN about it [5] [8], but received no response, leading to public disclosure [5]. However, Atlas VPN has now acknowledged the vulnerability and is actively working on a patch to fix it. Linux users will be notified once the update is available [5] [9].


This vulnerability only affects the Linux client of Atlas VPN and does not impact other Atlas VPN apps [3]. Users of the Linux client are advised to take immediate precautions and consider alternative VPN solutions while browsing the web. To address this vulnerability [1] [4] [8] [9], users are advised to upgrade to version 1.0.3 of Atlas VPN [4]. The impact of this vulnerability is significant as it exposes users’ IP addresses, compromising their privacy. It is crucial for Atlas VPN to promptly release the patch to mitigate the risk and prevent further exploitation. This incident also highlights the importance of timely response and communication from companies when vulnerabilities are reported.


[1] https://www.infosecurity-magazine.com/news/zero-day-flaw-exposes-atlas-vpn/
[2] https://www.blackhatethicalhacking.com/news/atlas-vpns-critical-flaw-zero-day-leak-of-user-real-ip-addresses/
[3] https://www.linuxinsider.com/story/atlas-vpn-linux-leak-exposes-users-ip-addresses-177164.html
[4] https://cybersecuritynews.com/atlasvpn-zero-day-vulnerability/
[5] https://www.redpacketsecurity.com/atlas-vpn-zero-day-vulnerability-leaks-users-real-ip-address/
[6] https://www.darkreading.com/application-security/atlasvpn-linux-zero-day-disconnects-users-reveals-ip-addresses
[7] https://www.techradar.com/pro/security/atlas-vpn-security-flaw-leaked-users-real-ip-address
[8] https://nsaneforums.com/news/security-privacy-news/atlas-vpn-zero-day-vulnerability-leaks-users-real-ip-address-r18374/
[9] https://cybermaterial.com/vpn-vulnerability-discloses-user-ip/