Loading market data...
← Back to CVE feed

CVE-2026-49144

MEDIUM CVSS 6.5 View on NVD ↗

Description

BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside the project root and access sensitive files.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: Jun 02, 2026 21:16 UTC Modified: Jun 03, 2026 16:16 UTC