CVE-2026-45727

Source
https://cve.org/CVERecord?id=CVE-2026-45727
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45727.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45727
Aliases
Published
2026-06-01T17:23:50.130Z
Modified
2026-07-13T16:43:27.834173887Z
Severity
  • 8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion
Details

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted fingerprint value containing path traversal sequences to resolve userdatadir outside the configured data_dir. When Chrome fails to start or the process is cleaned up, shutil.rmtree() deletes the traversed path, resulting in arbitrary directory deletion. Additionally, cloakserve bound to 0.0.0.0 by default, making it network-exposed. This issue has been patched in version 0.3.28.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45727.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Git / github.com/cloakhq/cloakbrowser

Affected ranges

Type
GIT
Repo
https://github.com/cloakhq/cloakbrowser
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.3.28"
        }
    ]
}

Affected versions

chromium-v142.*
chromium-v142.0.7444.175
chromium-v145.*
chromium-v145.0.7632.159
chromium-v145.0.7632.159.2
chromium-v145.0.7632.159.3
chromium-v145.0.7632.159.4
chromium-v145.0.7632.159.5
chromium-v145.0.7632.159.6
chromium-v145.0.7632.159.7
chromium-v145.0.7632.159.8
chromium-v145.0.7632.159.9
chromium-v146.*
chromium-v146.0.7680.177.1
chromium-v146.0.7680.177.2
chromium-v146.0.7680.177.3
chromium-v146.0.7680.177.4
v0.*
v0.1.0
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.2.0
v0.3.0
v0.3.10
v0.3.11
v0.3.12
v0.3.13
v0.3.14
v0.3.15
v0.3.16
v0.3.17
v0.3.18
v0.3.19
v0.3.20
v0.3.21
v0.3.22
v0.3.23
v0.3.24
v0.3.25
v0.3.26
v0.3.27
v0.3.5
v0.3.6
v0.3.7
v0.3.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45727.json"