PT-2026-41798 · Cloakhq+2 · Cloakbrowser

0Xlally

·

Published

2026-05-18

·

Updated

2026-06-01

·

CVE-2026-45727

CVSS v4.0

8.8

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions CloakBrowser versions prior to 0.3.28
Description The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker with network access to the cloakserve port can provide a crafted fingerprint value containing path traversal sequences to resolve user data dir outside the configured data dir. When Chrome fails to start or the process is cleaned up, the shutil.rmtree() function deletes the traversed path, leading to arbitrary directory deletion. By default, cloakserve is bound to 0.0.0.0, which makes it exposed to the network.
Recommendations Update to version 0.3.28. Restrict network access to the cloakserve port.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45727
GHSA-MF33-GV72-W2H5

Affected Products

Cloakbrowser