CVE-2026-25740
Awaiting Analysis Awaiting Analysis - Queue
Privilege Escalation via CAP_NET_RAW in Captive Browser

Publication date: 2026-02-09

Last updated on: 2026-02-09

Assigner: GitHub, Inc.

Description
captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-09
Last Modified
2026-02-09
Generated
2026-05-07
AI Q&A
2026-02-09
EPSS Evaluated
2026-05-05
NVD
CVE-2026-25740
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
nixos captive_browser to 25.11 (exc)
nixos captive_browser 25.11
nixos captive_browser 26.05
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-250 The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the captive browser, a dedicated Chrome instance used to log into captive portals without changing DNS settings. In versions 25.05 and earlier, when the programs.captive-browser feature is enabled, any user on the system can execute arbitrary commands with the CAP_NET_RAW capability. This capability allows binding to privileged ports and spoofing localhost traffic from privileged services, which can lead to unauthorized actions.

The issue is fixed in versions 25.11 and 26.05.


How can this vulnerability impact me? :

This vulnerability can allow any user on the affected system to run arbitrary commands with elevated network privileges (CAP_NET_RAW). This means an attacker could bind to privileged network ports or spoof traffic from trusted local services, potentially leading to unauthorized network access, data interception, or manipulation of network communications.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade the captive browser to version 25.11 or later, as the issue is fixed in versions 25.11 and 26.05.

Additionally, if possible, disable the programs.captive-browser feature until the upgrade is applied to prevent users from exploiting the CAP_NET_RAW capability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart