CVE-2026-45727

UNKNOWN 0.0

CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted fingerprint value containing path traversal sequences to resolve user_data_dir outside the configured data_dir. When Chrome fails to start or the process is cleaned up, shutil.rmtree() deletes the traversed path, resulting in arbitrary directory deletion. Additionally, cloakserve bound to 0.0.0.0 by default, making it network-exposed. This issue has been patched in version 0.3.28.

CWE	CWE-22
Vendor	cloakhq
Product	cloakbrowser
Published	Jun 1, 2026
Last Updated	Jun 1, 2026

Stay Ahead of the Next One

Get instant alerts for cloakhq cloakbrowser

Be the first to know when new unknown vulnerabilities affecting cloakhq cloakbrowser are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

CloakHQ / CloakBrowser

< 0.3.28

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/CloakHQ/CloakBrowser/security/advisories/GHSA-mf33-gv72-w2h5