Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-25740

CVE-2026-25740

MEDIUM5.8

Privilege escalation to the `CAP_NET_RAW` capability via the `programs.captive-browser` NixOS module

Published Feb 9, 2026

Modified 1 months ago

Details

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.

References

https://github.com/NixOS/nixpkgs/pull/487775

https://github.com/NixOS/nixpkgs/pull/487779

https://github.com/NixOS/nixpkgs/security/advisories/GHSA-wc3r-c66x-8xmc

https://www.cve.org/CVERecord?id=CVE-2026-25740

CVSS Analysis

CVSS v4.0

5.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Attack Requirements

PresentAT:P

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

LowVC:L

Vuln. Integrity

NoneVI:N

Vuln. Availability

HighVA:H

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

5.8/CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Weakness Type (CWE)

Configuration

Unnecessary Privileges

Ecosystems

Timeline

PublishedFeb 9, 2026

ModifiedFeb 10, 2026

CVE-2026-25740 | Mondoo Vulnerability Intelligence