CloakHQ CloakBrowser
- <= 0.3.27
A path traversal vulnerability has been identified in CloakBrowser versions through 0.3.27. The issue arises in the cloakserve CDP multiplexer, which uses the user-supplied fingerprint query parameter as a filesystem path component for creating Chrome profile directories. An unauthenticated attacker with access to the cloakserve port can inject crafted fingerprint values containing path traversal sequences. This manipulation can redirect the user_data_dir outside the designated data_dir. When the Chrome process fails to start or is terminated, the shutil.rmtree() function deletes the traversed path, causing arbitrary directory deletion. Additionally, cloakserve is bound to 0.0.0.0 by default, exposing it to the network.
Exploitation of this vulnerability allows for the arbitrary deletion of directories accessible to the service user.
Users are advised to upgrade to CloakBrowser version 0.3.28 or later and restrict network access to the cloakserve port.
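The unchecked join described above next to a validated one, with a containment re-check before shutil.rmtree(). This is an added example, not CloakBrowser's code or its actual patch. The function names, the fingerprint token format and the sample values are assumptions made for illustration.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Assumption: a fingerprint is a short opaque token; the advisory does not give its real format.
FINGERPRINT_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

def naive_profile_dir(data_dir: Path, fingerprint: str) -> Path:
    # The flawed pattern the advisory describes: the parameter is joined in unchecked.
    return data_dir / fingerprint

def safe_profile_dir(data_dir: Path, fingerprint: str) -> Path:
    # 1. Allow-list the token so separators, dots and empty strings never reach the join.
    if not FINGERPRINT_RE.fullmatch(fingerprint):
        raise ValueError(f"rejected fingerprint {fingerprint!r}")
    # 2. Resolve symlinks and require the result to be a direct child of data_dir.
    base = data_dir.resolve()
    candidate = (base / fingerprint).resolve()
    if candidate.parent != base:
        raise ValueError(f"{candidate} is not a direct child of {base}")
    return candidate

def remove_profile(data_dir: Path, profile_dir: Path) -> None:
    # Re-check containment at deletion time; rmtree is where the damage occurs.
    base, target = data_dir.resolve(), profile_dir.resolve()
    if base not in target.parents:
        raise ValueError(f"refusing to delete {target}")
    shutil.rmtree(target)

def demo() -> dict:
    # Constructed inputs, evaluated inside a throwaway temp tree; nothing is deleted here.
    results = {}
    with tempfile.TemporaryDirectory() as root:
        data_dir = Path(root) / "data"
        data_dir.mkdir()
        for fp in ["profile_01", "../other", "/abs", ""]:
            naive = naive_profile_dir(data_dir, fp).resolve()
            not_child = naive.parent != data_dir.resolve()
            try:
                safe_profile_dir(data_dir, fp)
                accepted = True
            except ValueError:
                accepted = False
            results[fp] = (not_child, accepted)
    return results

if __name__ == "__main__":
    for fp, outcome in demo().items():
        print(repr(fp), outcome)
```

The empty value is worth noting: the unchecked join resolves to data_dir itself, so a cleanup pass would remove every profile rather than one.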