How severe is CVE-2022-40126?

CVE-2022-40126 has a CVSS v3 score of 7.8 (HIGH).

CVE-2022-40126

Name: clash
Author: clash_project

7.8HIGH

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

Publicado: 9/29/2022Atualizado: 5/21/2025

Descrição

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

Análise IADesenvolvido por IA

Produtos Afetados

clash_projectclash

0.19.9

Referências

https://github.com/Fndroid/clash_for_windows_pkg/issues/3405
ExploitIssue TrackingThird Party Advisory
https://github.com/Fndroid/clash_for_windows_pkg/issues/3405
ExploitIssue TrackingThird Party Advisory