CVE-2026-25740

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-25740
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25740.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-25740
Aliases
  • GHSA-wc3r-c66x-8xmc
Published
2026-02-09T20:17:16.777Z
Modified
2026-02-10T19:35:05.853158Z
Severity
  • 5.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` NixOS module
Details

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAPNETRAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-250"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25740.json"
}
References

Affected packages

Git / github.com/nixos/nixpkgs

Affected ranges

Type
GIT
Repo
https://github.com/nixos/nixpkgs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c46290747b2aaf090f48a478270feb858837bf11
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "25.05"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25740.json"