CVE-2022-40126

HIGH

Clash for Windows <0.19.9 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-40126. PoCs published by LovelyWei.

AI-analyzed exploit summary This exploit targets CVE-2022-40126 by creating a malicious YAML configuration file in the Clash for Windows service directory and copying a malicious executable to achieve persistence. The exploit leverages the service's automatic execution of the YAML-defined executable to gain code execution.

Description

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

Exploits (1)

nomisec WORKING POC 4 stars
by LovelyWei · poc
https://github.com/LovelyWei/CVE-2022-40126

This exploit targets CVE-2022-40126 by creating a malicious YAML configuration file in the Clash for Windows service directory and copying a malicious executable to achieve persistence. The exploit leverages the service's automatic execution of the YAML-defined executable to gain code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Clash for Windows (specific version not specified)
Auth required
Prerequisites: Local access to the target system · Ability to write files to the Clash service directory
mistral-large-3 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/Fndroid/clash_for_windows_pkg/issues/3405

Scores

CVSS v3 7.8
EPSS 0.0032
EPSS Percentile 24.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-552
Status published
Products (1)
clash_project/clash 0.19.9
Published Sep 29, 2022
Tracked Since Feb 18, 2026