{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/neko/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-39386"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Neko"],"_cs_severities":["critical"],"_cs_tags":["neko","privilege-escalation","CVE-2026-39386","linux"],"_cs_type":"advisory","_cs_vendors":["Neko"],"content_html":"\u003cp\u003eNeko is a self-hosted virtual browser that runs in Docker and utilizes WebRTC. Versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 contain a critical vulnerability (CVE-2026-39386) that allows any authenticated user to immediately gain full administrative control over the entire Neko instance. This includes member management, room settings, broadcast control, and session termination. Successful exploitation results in a complete compromise of the affected Neko instance, potentially exposing sensitive data and allowing unauthorized actions. This vulnerability has been patched in versions 3.0.11 and 3.1.2. Defenders should prioritize upgrading vulnerable instances immediately.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the Neko instance using valid user credentials.\u003c/li\u003e\n\u003cli\u003eAttacker sends a crafted API request to the \u003ccode\u003e/api/profile\u003c/code\u003e endpoint (if enabled).\u003c/li\u003e\n\u003cli\u003eThe vulnerable code in Neko processes the request without proper authorization checks.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the vulnerability to modify their user role or other administrative settings.\u003c/li\u003e\n\u003cli\u003eThe attacker gains administrative privileges within the Neko instance.\u003c/li\u003e\n\u003cli\u003eAttacker manipulates member management, room settings, broadcast controls, or terminates sessions.\u003c/li\u003e\n\u003cli\u003eThe attacker can exfiltrate data, modify system configurations, or disrupt services.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves full control of the Neko instance, compromising all hosted browsing sessions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-39386 allows any authenticated user to gain complete administrative control over the Neko instance. This can lead to unauthorized access to browsing sessions, data exfiltration, modification of system configurations, and disruption of services. The impact is significant, potentially affecting any organization utilizing Neko for secure or isolated browsing. The number of victims will depend on the number of Neko instances exposed and the number of internal users with access to Neko.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Neko instances to version 3.0.11 or 3.1.2 to patch CVE-2026-39386 immediately.\u003c/li\u003e\n\u003cli\u003eRestrict access to the \u003ccode\u003e/api/profile\u003c/code\u003e endpoint, if feasible, as a temporary mitigation.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided to detect attempts to exploit this vulnerability in Neko webserver logs.\u003c/li\u003e\n\u003cli\u003eMonitor Neko instance logs for suspicious privilege changes or unexpected administrative actions.\u003c/li\u003e\n\u003cli\u003ePlace the Neko instance behind authentication layers, such as a reverse proxy with additional access controls.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-neko-privesc/","summary":"An authenticated user can escalate privileges to full administrative control in Neko versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 due to CVE-2026-39386, leading to complete compromise of the instance.","title":"Neko Authenticated User Privilege Escalation (CVE-2026-39386)","url":"https://feed.craftedsignal.io/briefs/2024-01-neko-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed - Neko","version":"https://jsonfeed.org/version/1.1"}