Security Advisory

CVE-2026-25740

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-09 20:17:16

Last updated 2026-02-10 15:59:39

Assigner GitHub_M

State PUBLISHED

Description

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.

← Browse all CVEs View on cve.org ↗