Nekohasekai

**Name of the Vulnerable Software and Affected Versions** Sing-box versions prior to 1.4.4 Sing-box versions prior to 1.5.0-rc.4 **Description** The issue affects all SOCKS5 inbounds with user authentication in Sing-box, allowing an attacker to bypass authentication when specially crafted requests are sent. Users unable to update should not expose the SOCKS5 inbound to insecure environments. **Recommendations** Update to sing-box 1.4.4 or to 1.5.0-rc.4 to resolve the issue. As a temporary workaround, do not expose the SOCKS5 inbound to insecure environments.