CVE-2026-47428
CRITICAL SEVERITY
CVSS Score & Metrics
Base Score
9.6 / 10
Vulnerability Description
Vitest browser mode serves unsanitized otelCarrier query parameter as inline script
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
npm
Product
@vitest/browser
External References
- https://github.com/vitest-dev/vitest/security/advisories/GHSA-2h32-95rg-cppp
- https://github.com/vitest-dev/vitest/blob/cba2036a197ec8ed42c35a37db78ef07192202c7/packages/browser/src/client/public/esm-client-injector.js#L41
- https://github.com/vitest-dev/vitest/blob/cba2036a197ec8ed42c35a37db78ef07192202c7/packages/browser/src/node/serverOrchestrator.ts#L48
- https://github.com/advisories/GHSA-2h32-95rg-cppp