CVE-2026-47429 - Vitest: Arbitrary file can be read and executed when Vitest UI server is listening
CVE ID :CVE-2026-47429 Published : July 14, 2026, 8:17 p.m. | 17 minutes ago Description :Vitest is a testing framework powered by Vite. Prior to 3.2.5 and 4.1.0, the Vitest UI/API server on Windows used isFileServingAllowed incorrectly for /__vitest_attachment__, allowing \\?\\..\\ path...