← Voltar para CVEs
CVE-2026-25740
N/ADescricao
captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado2/9/2026
Ultima modificacao2/9/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-250
Referencias
https://github.com/NixOS/nixpkgs/pull/487775(security-advisories@github.com)
https://github.com/NixOS/nixpkgs/pull/487779(security-advisories@github.com)
https://github.com/NixOS/nixpkgs/security/advisories/GHSA-wc3r-c66x-8xmc(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.