CVE-2022-40126 - Files or Directories Accessible to External Parties vulnerability in Clash Project Clash 0.19.9

CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
CWE-552

Summary

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

Vulnerable Configurations

Part | Description | Count
Application | Clash_Project | 1