CVE-2026-47429informazioni

Riassunto

di MITRE • 14/07/2026

Vitest is a testing framework powered by Vite. Prior to 3.2.5 and 4.1.0, the Vitest UI/API server on Windows used isFileServingAllowed incorrectly for /__vitest_attachment__, allowing \\?\\..\\ path traversal to read files outside the project; exposed API write and rerun features such as saveTestFile and rerun could also allow arbitrary script execution. This issue is fixed in versions 3.2.5 and 4.1.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Divulgazione

14/07/2026

Moderazione

in revisione

EPSS

0.00000

KEV

no

Attività

molto basso

Fonti

Want to stay up to date on a daily basis?

Enable the mail alert feature now!