Path Traversal in Cloakhq Cloakbrowser

CVE-2026-45727

CloakBrowser is a tool to bypass bot detection tests. Prior to version 0.3.28, the cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directori…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (29.0th percentile) — read the EPSS interpretation.

Affected products

Cloakhq Cloakbrowser — versions < 0.3.28

Weakness classification (CWE)

CWE-22 — Path Traversal

References

security-advisories@github.com (x_refsource_CONFIRM)