CVE-2026-24904

Good to know:


Date: January 29, 2026

TrustTunnel is an open-source VPN protocol. Versions prior to 0.9.115 have a rule bypass issue. In "tls_listener.rs", "TlsListener::listen()" peeks 1024 bytes and calls "extract_client_random(...)". If "parse_tls_plaintext" fails (for example, on a fragmented/partial ClientHello split across TCP writes), "extract_client_random" returns "None". In "rules.rs", "RulesEngine::evaluate" only evaluates "client_random_prefix" when "client_random" is "Some(...)". As a result, when extraction fails ("client_random == None"), any rule that relies on "client_random_prefix" matching is skipped and evaluation falls through to later rules.

An important note on semantics: "client_random_prefix" is a match condition only. It does not mean "block non-matching prefixes" by itself. A rule with "client_random_prefix = ..." triggers its "action" only when the prefix matches (and the field is available to evaluate). Non-matches (or "None") simply do not match that rule, and evaluation continues to fall through.

The vulnerability is fixed in version 0.9.115.
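The fall-through described above, modelled in Rust as an added example (not TrustTunnel's code and not the upstream fix). The "Rule" and "Action" types, the default-deny result, the sample rule set and the fail-closed variant are assumptions made for illustration.

```rust
// Simplified model of the rule semantics in the advisory; every type and
// name below is hypothetical and is not TrustTunnel's own code.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Action { Allow, Deny }

struct Rule {
    client_random_prefix: Option<Vec<u8>>, // None: rule has no prefix condition
    action: Action,
}

// Behaviour described for versions before 0.9.115: the prefix condition is
// evaluated only when client_random is Some; otherwise the rule is skipped.
fn evaluate_skip_on_none(rules: &[Rule], client_random: Option<&[u8]>) -> Action {
    for r in rules {
        match (&r.client_random_prefix, client_random) {
            (None, _) => return r.action, // unconditional rule
            (Some(p), Some(cr)) if cr.starts_with(p) => return r.action,
            _ => continue, // non-match or None: fall through
        }
    }
    Action::Deny // assumed default when no rule matches
}

// Fail-closed variant (an assumption, not the upstream fix): when any rule
// depends on client_random and extraction failed, deny instead of skipping.
fn evaluate_fail_closed(rules: &[Rule], client_random: Option<&[u8]>) -> Action {
    let needs_random = rules.iter().any(|r| r.client_random_prefix.is_some());
    if needs_random && client_random.is_none() {
        return Action::Deny;
    }
    evaluate_skip_on_none(rules, client_random)
}

// Constructed rule set: deny one prefix, then allow everything else.
fn sample_rules() -> Vec<Rule> {
    vec![
        Rule { client_random_prefix: Some(vec![0xde, 0xad]), action: Action::Deny },
        Rule { client_random_prefix: None, action: Action::Allow },
    ]
}

fn main() {
    let rules = sample_rules();
    let cr: [u8; 4] = [0xde, 0xad, 0xbe, 0xef]; // constructed client_random bytes
    println!("prefix seen:      {:?}", evaluate_skip_on_none(&rules, Some(&cr[..])));
    println!("extraction None:  {:?}", evaluate_skip_on_none(&rules, None));
    println!("fail-closed None: {:?}", evaluate_fail_closed(&rules, None));
}
```

When reviewing a deployment's rules, the ones to look at are those whose intended effect depends on a "client_random_prefix" rule firing before a broader rule placed later in the list.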

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version https://github.com/TrustTunnel/TrustTunnel.git - v0.9.115

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE
