CVE-2026-45727
published 2026-06-01CVE-2026-45727: CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query…
PriorityP259high8.8CVSS 4.0
AVNACLATNPRNUINVCNVIHVALSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.47%
37.5th percentile
CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted fingerprint value containing path traversal sequences to resolve user_data_dir outside the configured data_dir. When Chrome fails to start or the process is cleaned up, shutil.rmtree() deletes the traversed path, resulting in arbitrary directory deletion. Additionally, cloakserve bound to 0.0.0.0 by default, making it network-exposed. This issue has been patched in version 0.3.28.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloakhq | cloakbrowser | < 0.3.28 | 0.3.28 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
CloakHQ CloakBrowser up to 0.3.27 Fileystem Path shutil.rmtree path traversal (GHSA-mf33-gv72-w2h5)
vuldb·2026-06-01·CVSS 8.8
CVE-2026-45727 [HIGH] CloakHQ CloakBrowser up to 0.3.27 Fileystem Path shutil.rmtree path traversal (GHSA-mf33-gv72-w2h5)
A vulnerability described as critical has been identified in CloakHQ CloakBrowser up to 0.3.27. This impacts the function shutil.rmtree of the component Fileystem Path. Executing a manipulation can lead to path traversal.
This vulnerability is registered as CVE-2026-45727. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
GHSA
CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion
ghsa·2026-05-18
CVE-2026-45727 [HIGH] CWE-22 CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion
CloakBrowser: Unauthenticated path traversal via fingerprint parameter in cloakserve leads to arbitrary directory deletion
The `cloakserve` CDP multiplexer uses the user-supplied `fingerprint` query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted `fingerprint` value containing path traversal sequences to resolve `user_data_dir` outside the configured `data_dir`. When Chrome fails to start or the process is cleaned up, `shutil.rmtree()` deletes the traversed path, resulting in arbitrary directory deletion.
Additionally, `cloakserve` bound to `0.0.0.0` by default, making it network-exposed.
### Impact
An attacker with network access to the cloakserve port can del
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-01
Published