Medium severityNVD Advisory· Published Feb 9, 2026· Updated Apr 15, 2026

CVE-2026-25740

Description

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/NixOS/nixpkgs/pull/487775nvd
github.com/NixOS/nixpkgs/pull/487779nvd
github.com/NixOS/nixpkgs/security/advisories/GHSA-wc3r-c66x-8xmcnvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000