CVE-2026-25740
Awaiting Analysis
Privilege Escalation via CAP_NET_RAW in Captive Browser

Publication date: 2026-02-09

Last updated on: 2026-02-09

Assigner: GitHub, Inc.

Description
Captive browser is a dedicated Chrome instance for logging into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.
Meta Information
Published: 2026-02-09
Last Modified: 2026-02-09
Generated: 2026-06-16
AI Q&A: 2026-02-09
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 3 associated CPEs
Vendor    Product            Version / Range
nixos     captive_browser    to 25.11 (exc)
nixos     captive_browser    25.11
nixos     captive_browser    26.05
CWE ID Description
CWE-250 The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Executive Summary

This vulnerability exists in the captive browser, a dedicated Chrome instance used to log into captive portals without changing DNS settings. In versions 25.05 and earlier, when the programs.captive-browser feature is enabled, any user on the system can execute arbitrary commands with the CAP_NET_RAW capability. This capability allows binding to privileged ports and spoofing localhost traffic from privileged services, which can lead to unauthorized actions.

The issue is fixed in versions 25.11 and 26.05.

Impact Analysis

This vulnerability can allow any user on the affected system to run arbitrary commands with elevated network privileges (CAP_NET_RAW). This means an attacker could bind to privileged network ports or spoof traffic from trusted local services, potentially leading to unauthorized network access, data interception, or manipulation of network communications.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, upgrade the captive browser to version 25.11 or later, as the issue is fixed in versions 25.11 and 26.05.

Additionally, if possible, disable the programs.captive-browser feature until the upgrade is applied to prevent users from exploiting the CAP_NET_RAW capability.
