CVE-2026-25740Execution with Unnecessary Privileges in Nixpkgs

CWE-250Execution with Unnecessary Privileges1 documents1 sources
Severity
5.8MEDIUMNVD
EPSS
0.0%
top 99.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nixos Nixpkgs
Timeline
PublishedFeb 9

Description

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5nixos/nixpkgs25.05