4 matches found
CVE-2022-26255
CVE-2022-26255 affects Clash for Windows v0.19.8. The issue allows arbitrary code execution via a crafted payload injected into the Proxies name column. Connected sources corroborate the impact across multiple records (Red Hat, NVD, OSV, CNNVD, PT Security) without specifying a vendor-provided pa...
CVE-2023-24205
CVE-2023-24205 affects Clash for Windows v0.20.12, with a remote code execution (RCE) vulnerability exploitable via overwriting the configuration file (cfw-setting.yaml). The NVD/NVD-derived metrics assign CVSSv3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). Root cau...
CVE-2022-40126
CVE-2022-40126 describes a misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 that allows privilege escalation and arbitrary command execution when Service Mode is activated. Public sources consistently identify the affected software as Clash for Windows and the v...
CVE-2020-24772
Affected software: Dreamacro Clash for Windows v0.11.4. The vulnerability arises when an attacker embeds a malicious iframe in a website with a crafted URL that launches the Clash Windows client and forces it to open a remote SMB share. Windows will perform NTLM authentication when accessing the ...