No, they don't have access to the Wireguard keys and everything is point-to-point. They'd have to push a backdoored software update to gain access (and this is a threat with any vendor product).
IIUC Tailscale controls key distribution, so you'd still have to trust them. However, it might still be possible to eliminate that need for trust by verifying peer connections out of band.