216.73.217.64

CVE-2026-25740

· Published 09/02/2026 21:15 · Modified 09/02/2026 21:55

Labels: CVE-2026-25740 2026-02-09CVE-2026-25740CWE-250[email protected]

Essential information

Published
09/02/2026 21:15
Modified
09/02/2026 21:55
Author
Creator
CVSS
5.8 MEDIUM (v3) 5.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
chrome / browser cpe:2.3:a:chrome:browser:<25.05:*:*:*:*:*:*:*
chrome / browser cpe:2.3:a:chrome:browser:25.11:*:*:*:*:*:*:*
chrome / browser cpe:2.3:a:chrome:browser:26.05:*:*:*:*:*:*:*

References