HIGH
ngrok
CVE published 2026-05-18
CVE-2025-57282
A command injection vulnerability affects ngrok versions 4.3.3 and 5.0.0-beta.2, as disclosed in CVE-2025-57282. The vulnerability was published on 2026-05-18 and carries a CVSS 3.1 score of 8.8 (HIGH severity). The attack vector is network-based with low attack complexity, requiring low privileges but no user interaction. Successful exploitation could result in high impact to confidentiality, integrity, [truncated]