TopVuln

High-risk vulnerability digests

CVE-2026-39386

  • HIGH

Details

CVSS v3: 8.8
NVD published: 2026-04-21 01:16:06
EPSS: <0.1% probability · 13.7th percentile — 2026-05-12
Affected versions: Neko 3.0.0 through 3.0.10, 3.1.0 through 3.1.1
Summary
This vulnerability affects Neko, a widely used open-source self-hosted virtual browser. Any authenticated low-privilege user can exploit the flaw to gain full administrative control of the entire Neko instance. The compromise allows attackers to modify all instance settings, access all session data, and take over the entire hosting environment.
Remediation
Upgrade Neko immediately to version 3.0.11 (for the 3.0.x track) or 3.1.2 (for the 3.1.x track); both releases patch the vulnerability. If an immediate upgrade is not possible, restrict Neko access to fully trusted users and add additional authentication layers in front of the instance. Monitor for unexpected administrative actions until remediation is complete.
Exploit info
No public exploit found yet.


Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.