Product

Cloakbrowser (<= 0.3.27)

1 brief RSS

CloakBrowser cloakserve Unauthenticated Path Traversal Leading to Arbitrary Directory Deletion (CVE-2026-45727)

An unauthenticated path traversal vulnerability exists in CloakBrowser's cloakserve component (versions 0.3.27 and earlier) where a crafted fingerprint query parameter with path traversal sequences can be used to delete arbitrary directories accessible to the service user (CVE-2026-45727).

cloakbrowser path-traversal directory-deletion CVE-2026-45727

2r 1t 2d ago