Vulnerability Description
captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.
Related Weaknesses (CWE)
References
- https://github.com/NixOS/nixpkgs/pull/487775
- https://github.com/NixOS/nixpkgs/pull/487779
- https://github.com/NixOS/nixpkgs/security/advisories/GHSA-wc3r-c66x-8xmc
FAQ
What is CVE-2026-25740?
CVE-2026-25740 is a documented vulnerability. captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can r...
How severe is CVE-2026-25740?
CVSS scoring is not yet available for CVE-2026-25740. Check NVD for updates.
Is there a patch for CVE-2026-25740?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.