CVE-2026-53633 - Vitest: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE
CVE ID :CVE-2026-53633 Published : July 14, 2026, 8:17 p.m. | 16 minutes ago Description :Vitest is a testing framework powered by Vite. From 3.0.0 until 3.2.5, 4.1.8, and 5.0.0-beta.4, Vitest Browser Mode exposed a cdp() API that forwarded raw Chrome DevTools Protocol methods without being...