๐Ÿ” CVE Alert

CVE-2026-26422

HIGH 8.4
CVSS Score
8.4
EPSS Score
0.0%
EPSS Percentile
0th

clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.

CWE CWE-732
Vendor clash verge rev
Product clash-verge-service-ipc
Published Jun 6, 2026
Last Updated Jun 8, 2026
Stay Ahead of the Next One

Get instant alerts for clash verge rev clash-verge-service-ipc

Be the first to know when new high vulnerabilities affecting clash verge rev clash-verge-service-ipc are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Clash Verge Rev / clash-verge-service-ipc
0 < 2.3.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/clash-verge-rev/clash-verge-rev/commit/3bbcdbe5caacc2ffb713af69f2c93e202573f918 kaguranaku.me: https://kaguranaku.me/posts/CVE-2026-26422/ github.com: https://github.com/clash-verge-rev/clash-verge-service-ipc/releases/tag/v2.3.0