CVE-2026-45727
Path Traversal in CloakBrowser cloakserve
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cloakbrowser | cloakbrowser | to 0.3.27 (inc) |
| cloakbrowser | cloakbrowser | to 0.3.28 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-45727 is an unauthenticated path traversal vulnerability in the cloakserve component of CloakBrowser. The issue occurs because the user-supplied fingerprint parameter is directly used as a filesystem path component when creating Chrome profile directories. An attacker can craft a fingerprint value containing path traversal sequences (like "../") to escape the intended directory and cause the service to delete arbitrary directories when cleaning up.
Additionally, cloakserve is bound to 0.0.0.0 by default, exposing it to network access, which allows remote attackers to exploit this vulnerability without authentication.
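The flaw described above, as an added Python example (not CloakBrowser's own code): the naive path join next to a hardened version that allowlists the fingerprint and confirms the resolved path stays under the profile root. The function names, the allowlist pattern and the sample values are assumptions; the page does not document the real fingerprint format or the language cloakserve is written in.

```python
import re
import tempfile
from pathlib import Path

# Assumed allowlist: the page does not document the real fingerprint format.
FINGERPRINT_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def naive_profile_dir(user_data_dir: Path, fingerprint: str) -> Path:
    """The flawed pattern: the request value becomes a path component as-is."""
    return user_data_dir / fingerprint


def safe_profile_dir(user_data_dir: Path, fingerprint: str) -> Path:
    """Return the profile directory, or raise ValueError if it would escape."""
    if not FINGERPRINT_RE.fullmatch(fingerprint):
        raise ValueError("fingerprint contains characters outside the allowlist")
    base = user_data_dir.resolve()
    candidate = (base / fingerprint).resolve()
    # Defence in depth: resolve() collapses ".." and follows symlinks, so the
    # containment check still holds if the allowlist is loosened later.
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError("profile path resolves outside user_data_dir") from None
    if candidate == base:
        raise ValueError("profile path must be a subdirectory")
    return candidate


def demo() -> dict:
    """Map each constructed input to (naive path escapes, safe version accepts)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve() / "user_data_dir"
        base.mkdir()
        results = {}
        for value in ("fp_3f9a", "../sibling", ".."):  # constructed samples
            naive = naive_profile_dir(base, value).resolve()
            escaped = base not in naive.parents
            try:
                safe_profile_dir(base, value)
                accepted = True
            except ValueError:
                accepted = False
            results[value] = (escaped, accepted)
        return results
```

Cleanup code should call the same function before removing a directory, so that creation and deletion share one check.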
How can this vulnerability impact me?
This vulnerability allows an attacker with network access to the cloakserve port to delete any directories accessible to the service user by exploiting the path traversal flaw. This can lead to loss of important data or disruption of service due to arbitrary directory deletion.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic to identify any requests to the cloakserve port that include suspicious fingerprint parameter values containing path traversal sequences such as "../".
Additionally, checking the version of the cloakbrowser software installed can help determine if the system is vulnerable (versions up to and including 0.3.27 are affected).
Suggested commands include:
- Use network monitoring tools (e.g., tcpdump or Wireshark) to capture traffic on the cloakserve port and filter for requests containing "../" in the fingerprint parameter.
- Check the installed version of cloakbrowser with a command like `cloakserve --version` or by inspecting the package version.
- Audit filesystem logs or monitor for unexpected directory deletions in the user_data_dir or parent directories.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the cloakbrowser software to version 0.3.28 or later, where this vulnerability has been patched.
Additionally, restrict network access to the cloakserve port to prevent unauthenticated attackers from reaching the service, since it is bound to 0.0.0.0 by default and exposed to the network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an unauthenticated attacker to perform arbitrary directory deletion on the system where CloakBrowser's cloakserve component is running. This could lead to loss or tampering of data stored on the affected system.
Such unauthorized deletion or manipulation of data could impact compliance with data protection regulations like GDPR or HIPAA, which require organizations to ensure the confidentiality, integrity, and availability of sensitive data.
If sensitive or regulated data is stored within the directories accessible to the cloakserve service user, this vulnerability could result in data loss or disruption of services, potentially leading to non-compliance with these standards.
Mitigations such as upgrading to version 0.3.28 or later and restricting network access to the cloakserve port are necessary to reduce the risk and maintain compliance.