5 matches found
CVE-2026-26422
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...
EUVD-2026-34977
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...
CVE-2026-26422
clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...
CVE-2025-50505
CVE-2025-50505 affects Clash Verge Rev up to 2.2.3 (fixed in 2.3.0). An unauthenticated HTTP API on 127.0.0.1:33211 (/start_clash) allows local users to submit arbitrary bin_path, config_dir, config_file, and log_file values which are passed to the service process (clash-verge-service) for execut...
Exploit for CVE-2025-50505
CVE-2025-50505 Unauthorized API Leads to Arbitrary Command Ex...