CVE-2026-45182

Published: May 10, 2026
Last Modified: May 10, 2026
Severity: LOW 2.2
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none

Description

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let system_server transmit UDP traffic on its behalf. This occurs when the 'Block connections without VPN' and 'Always-on VPN' settings are enabled.

CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')

Status: Draft
Common Consequences
Security Scopes Affected: Non-Repudiation, Access Control
Potential Impacts: Gain Privileges Or Assume Identity, Hide Activities, Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
https://cyberinsider.com/grapheneos-fixes-android-vpn-leak-google-refused-to-pa…
https://grapheneos.org/releases#2026050400
https://lowlevel.fun/posts/tiny-udp-cannon-android-vpn-bypass/