Skip to content

Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Critical severity GitHub Reviewed Published Jun 1, 2026 in vitest-dev/vitest • Updated Jun 15, 2026

No open alerts for this advisory

Give feedback on Dependabot alerts