Zurück zur CVE-Übersicht
CVE-2026-49144
MEDIUM(6.5)CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Risk Signal Score16/100 — NIEDRIG
- CVSS 6.5 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
6.5
Technische Schwere
Beschreibung
BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside the project root and access sensitive files.
GitHub Advisories
GHSA-8rpw-6cqh-2v9hHIGH
browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server
npm/browserstack-runner
GitHub Advisory