Skip to main content

Clash Verge Service Ipc

1 CVEs product

Monthly

CVE-2026-26422 HIGH PATCH This Week

Local privilege escalation in clash-verge-service-ipc before 2.3.0 allows unprivileged local users on macOS and Linux to interact with a world-reachable IPC socket exposed by the privileged Clash Verge service, enabling them to invoke service operations that run with elevated rights. The upstream fix (PR #23) restricts IPC permissions to 0750 on the directory and 0660 on the socket, and the patched dependency was incorporated into the Clash Verge Rev desktop client. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.

Privilege Escalation Clash Verge Service Ipc
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.0%
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in clash-verge-service-ipc before 2.3.0 allows unprivileged local users on macOS and Linux to interact with a world-reachable IPC socket exposed by the privileged Clash Verge service, enabling them to invoke service operations that run with elevated rights. The upstream fix (PR #23) restricts IPC permissions to 0750 on the directory and 0660 on the socket, and the patched dependency was incorporated into the Clash Verge Rev desktop client. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.

Privilege Escalation Clash Verge Service Ipc
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy