Skip to main content

Grapheneos

1 CVEs product

Monthly

CVE-2026-45182 LOW Monitor

GrapheneOS versions before 2026050400 leak the real IP address of VPN users through a registerQuicConnectionClosePayload optimization that allows applications to request system_server transmit UDP traffic on their behalf, bypassing VPN confinement when both 'Block connections without VPN' and 'Always-on VPN' are enabled. This information disclosure affects users relying on VPN privacy protections and requires local access with user interaction to trigger, resulting in a CVSS 2.2 score despite the privacy-sensitive nature of IP address leakage.

Information Disclosure Grapheneos
NVD
CVSS 3.1
2.2
EPSS
0.0%
EPSS 0% CVSS 2.2
LOW Monitor

GrapheneOS versions before 2026050400 leak the real IP address of VPN users through a registerQuicConnectionClosePayload optimization that allows applications to request system_server transmit UDP traffic on their behalf, bypassing VPN confinement when both 'Block connections without VPN' and 'Always-on VPN' are enabled. This information disclosure affects users relying on VPN privacy protections and requires local access with user interaction to trigger, resulting in a CVSS 2.2 score despite the privacy-sensitive nature of IP address leakage.

Information Disclosure Grapheneos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy