SecBoard
Zurück zur CVE-Übersicht

CVE-2026-49144

MEDIUM(6.5)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Risk Signal Score16/100 — NIEDRIG
  • CVSS 6.5 — Mittel

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.5

Technische Schwere

Beschreibung

BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside the project root and access sensitive files.

GitHub Advisories

GHSA-8rpw-6cqh-2v9hHIGH

browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server

npm/browserstack-runner
GitHub Advisory

Referenzen