CVE-2026-26422

8.4HIGH

Key Information:

Vendor

Clash Verge Rev

Status
Clash-verge-service-ipc
Vendor
CVE Published:
6 June 2026

What is CVE-2026-26422?

clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.

Affected Version(s)

clash-verge-service-ipc 0 < 2.3.0

References

https://github.com/clash-verge-rev/clash-verge-rev/commit...
https://kaguranaku.me/posts/CVE-2026-26422/
https://github.com/clash-verge-rev/clash-verge-service-ip...

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.