How severe is CVE-2022-40126?

CVE-2022-40126 has a CVSS v3 score of 7.8 (HIGH).

CVE-2022-40126

Name: clash
Author: clash_project

7.8HIGH

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

Publicado: 9/29/2022Actualizado: 5/21/2025

Descripción

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

Análisis IAImpulsado por IA

Productos Afectados

clash_projectclash

0.19.9

Referencias

https://github.com/Fndroid/clash_for_windows_pkg/issues/3405
ExploitIssue TrackingThird Party Advisory
https://github.com/Fndroid/clash_for_windows_pkg/issues/3405
ExploitIssue TrackingThird Party Advisory