LOW
Cyberinsider
CVE published 2026-05-09
CVE-2026-45182
CVE-2026-45182 is a privacy leak in GrapheneOS before build 2026050400. Under the conditions described in the record, an application could cause system_server to transmit UDP traffic on its behalf, which could let an attacker discover the VPN user’s real IP address. The issue is associated with the "Block connections without VPN" and "Always-on VPN" settings being enabled. The published CVSS score is 2.2 [truncated]