Skip to content

Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Critical severity GitHub Reviewed Published Jun 1, 2026 in vitest-dev/vitest • Updated Jun 15, 2026

Package

npm @vitest/browser (npm)

Affected versions

>= 5.0.0-beta.0, <= 5.0.0-beta.3
>= 4.0.0, <= 4.1.7
>= 3.0.0, <= 3.2.4

Patched versions

5.0.0-beta.4
4.1.8
3.2.5
npm vite-plus (npm)
<= 0.1.23
0.1.24

Description

Summary

Vitest Browser Mode exposes a cdp() API that forwards raw Chrome DevTools Protocol (CDP) methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec.

As a result, disabling Browser Mode write and exec operations does not prevent a browser API client from using CDP to perform equivalent actions. In a verified reproduction with allowWrite: false and allowExec: false, CDP Page.setDownloadBehavior set the browser download directory to the project root, and CDP Runtime.evaluate downloaded a controlled vite.config.ts. Vitest reloaded the changed config and executed attacker-controlled Node.js code.

When the Browser Mode API is also exposed to the network, this becomes remotely exploitable because the generated browser runner page exposes the API token, active session id, project name, and project root path needed to connect to the browser WebSocket API and select the target download directory.

Impact

This affects Browser Mode projects using a CDP-capable provider, such as Playwright Chromium, when the browser API server is exposed to the network, for example with --browser.api.host=0.0.0.0.

In this mode Vitest warns that write and exec operations are disabled by default, but the generated browser runner page exposes enough metadata for a remote client to authenticate to the browser WebSocket API while an active session exists. This includes the browser API token, active session id, project name, and serialized test config including the project root path. The attacker can then call Vitest's CDP RPC and use Chrome's download controls to overwrite vite.config.ts in the project root. When Vitest reloads the changed config, attacker-controlled Node.js code executes on the host running Vitest.

The same exposed CDP bridge also allows direct browser-session JavaScript execution through Runtime.evaluate. A separate local probe showed that CDP can navigate the browser to a file:// URL and read rendered file contents, but the primary verified impact is config-file overwrite leading to RCE.

Reproduction

For a concrete reproduction, start Browser Mode in watch mode using the official Lit example:

pnpm dlx tiged vitest-dev/vitest/examples/lit vitest-poc
cd vitest-poc
pnpm install

Configure the Browser Mode API to listen on all interfaces while explicitly disabling write and exec operations:

import { playwright } from '@vitest/browser-playwright'
import { defineConfig } from 'vite'

export default defineConfig({
  test: {
    browser: {
      enabled: true,
      provider: playwright(),
      instances: [
        { browser: 'chromium' },
      ],
      api: {
        host: '0.0.0.0',
        allowWrite: false,
        allowExec: false,
      },
    },
  },
})

Then start the test server:

pnpm test

Vitest serves the browser runner HTML and WebSocket API at http://localhost:63315.

While the browser session is active:

  1. Fetch the generated browser runner page:

    http://localhost:63315/__vitest_test__/
    
  2. Extract the embedded browser API token, active session id, project name, and project root:

    • window.VITEST_API_TOKEN
    • __vitest_browser_runner__.sessionId
    • __vitest_browser_runner__.config.name
    • __vitest_browser_runner__.config.root
  3. Connect to the browser API WebSocket as a tester client:

    /__vitest_browser_api__?type=tester&rpcId=<fresh-id>&sessionId=<session-id>&projectName=<project-name>&method=none&token=<token>
    
  4. Call the sendCdpEvent RPC method with:

    Page.setDownloadBehavior({
      behavior: "allow",
      downloadPath: __vitest_browser_runner__.config.root
    })
    
  5. Call sendCdpEvent again with Runtime.evaluate. The evaluated JavaScript creates a Blob containing a malicious Vite config and clicks an anchor element <a download="vite.config.ts">.

  6. Observed result:

    • vite.config.ts is overwritten with attacker-controlled content.
    • Vitest reloads the changed config.
    • The injected Node.js payload runs on the host.

References

@sheremet-va sheremet-va published to vitest-dev/vitest Jun 1, 2026
Published to the GitHub Advisory Database Jun 15, 2026
Reviewed Jun 15, 2026
Last updated Jun 15, 2026

Severity

Critical

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(26th percentile)

Weaknesses

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted. Learn more on MITRE.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Learn more on MITRE.

CVE ID

CVE-2026-53633

GHSA ID

GHSA-g8mr-85jm-7xhm

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.