Vulnerabilities > Clash Project > Clash > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-29 | CVE-2022-40126 | Files or Directories Accessible to External Parties vulnerability in Clash Project Clash 0.19.9 A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. | 7.8 |
| 2022-03-21 | CVE-2020-24772 | Origin Validation Error vulnerability in Clash Project Clash 0.11.4 In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. | 8.8 |