CVE-2026-45182
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45182
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let system_server transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" and "Always-on VPN" settings are enabled.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
未有动机的代理或中间人(混淆代理)
Source: NVD (National Vulnerability Database)
Vulnerability Title
GrapheneOS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GrapheneOS是GrapheneOS公司的一个移动操作系统。 GrapheneOS 2026050400之前版本存在安全漏洞,该漏洞源于registerQuicConnectionClosePayload优化,可能导致攻击者发现VPN用户的真实IP地址。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| GrapheneOS | GrapheneOS | 0 ~ 2026050400 | - |
II. Public POCs for CVE-2026-45182
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45182
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-441
- CVE-2026-3160
Unintended Proxy or Intermediary ('Confused Deputy') in GitL - CVE-2026-45003
OpenClaw < 2026.4.22 - Connector Endpoint Host Override via - CVE-2026-44992
OpenClaw 2026.4.5 < 2026.4.20 - MiniMax API Host Override vi - CVE-2026-42313
pyload-ng: non-admin SETTINGS users can redirect all outboun - CVE-2026-41365
OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Graph API
V. Comments for CVE-2026-45182
No comments yet