How severe is CVE-2022-40126?

CVE-2022-40126 has a CVSS v3 score of 7.8 (HIGH).

CVE-2022-40126

Name: clash
Author: clash_project

7.8HIGH

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

Published: 9/29/2022Updated: 5/21/2025

Description

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

AI AnalysisPowered by AI

Affected Products

clash_projectclash

0.19.9

References

https://github.com/Fndroid/clash_for_windows_pkg/issues/3405
ExploitIssue TrackingThird Party Advisory
https://github.com/Fndroid/clash_for_windows_pkg/issues/3405
ExploitIssue TrackingThird Party Advisory