Home

Description

clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.

PUBLISHED Reserved 2026-02-16 | Published 2026-06-06 | Updated 2026-06-06 | Assigner mitre




HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status
unaffected

Any version before 2.3.0
affected

References

github.com/...ommit/3bbcdbe5caacc2ffb713af69f2c93e202573f918

kaguranaku.me/posts/CVE-2026-26422/

github.com/...ev/clash-verge-service-ipc/releases/tag/v2.3.0

cve.org (CVE-2026-26422)

nvd.nist.gov (CVE-2026-26422)

Download JSON