Description

Captive browser is a dedicated Chrome instance for logging into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.

PUBLISHED Reserved 2026-02-05 | Published 2026-02-09 | Updated 2026-02-10 | Assigner GitHub_M




MEDIUM: 5.8 | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-250: Execution with Unnecessary Privileges

Product status

<= 25.05
affected

References

github.com/...ixpkgs/security/advisories/GHSA-wc3r-c66x-8xmc

github.com/NixOS/nixpkgs/pull/487775

github.com/NixOS/nixpkgs/pull/487779

cve.org (CVE-2026-25740)

nvd.nist.gov (CVE-2026-25740)
