CVE-2026-26422

Published: Giu 07, 2026 Last Modified: Giu 07, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,4
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.

732

Incorrect Permission Assignment for Critical Resource

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Access Control Integrity Other
Potential Impacts:
Read Application Data Read Files Or Directories Gain Privileges Or Assume Identity Modify Application Data Other
Applicable Platforms
Technologies: Not Technology-Specific, Cloud Computing
Likelihood of Exploit: High
View CWE Details
https://github.com/clash-verge-rev/clash-verge-rev/commit/3…
https://github.com/clash-verge-rev/clash-verge-rev/commit/3bbcdbe5caacc2ffb713a…
https://github.com/clash-verge-rev/clash-verge-service-ipc/…
https://github.com/clash-verge-rev/clash-verge-service-ipc/releases/tag/v2.3.0
https://kaguranaku.me/posts/CVE-2026-26422/
https://kaguranaku.me/posts/CVE-2026-26422/