Lucene search
+L

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.14 views

CVE-2026-45727

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS5.5AI score0.00475EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 5:23 p.m.11 views

CVE-2026-45727 CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 5:23 p.m.6 views

CVE-2026-45727 CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS6AI score0.00475EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 5:23 p.m.67 views

CVE-2026-45727 CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakser...

8.8CVSS0.00475EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/18 5:50 p.m.8 views

Directory Traversal

Overview cloakbrowser is a Stealth Chromium that passes every bot detection test. Drop-in Playwright replacement with source-level fingerprint patches. Affected versions of this package are vulnerable to Directory Traversal via the fingerprint parameter in the cloakserve process. An attacker can...

8.8CVSS6.5AI score0.00475EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 5:50 p.m.19 views

CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted fingerprint value containing path traversal...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/18 5:50 p.m.7 views

GHSA-MF33-GV72-W2H5 CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted fingerprint value containing path traversal...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.29 views

PT-2026-41798

Name of the Vulnerable Software and Affected Versions CloakBrowser versions prior to 0.3.28 Description The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker...

8.8CVSS5.9AI score0.00475EPSS
Exploits0References9
Rows per page
Query Builder