2 matches found
CVE-2026-2741
A flaw was found in Vaadin. During the automatic download and extraction of Node.js, a remote attacker could exploit a path traversal vulnerability. By intercepting or controlling the Node.js download, an attacker could serve a specially crafted ZIP archive. This malicious archive would allow fil...
com.github.mcollovati:quarkus-hilla-commons-deployment (=25.0.0-beta1), com.github.mcollovati:quarkus-hilla-deployment (=25.0.0-beta1) +23 more potentially affected by CVE-2026-2741 via com.vaadin:flow-build-tools (>=25.0.0-rc1 <=25.0.2)
com.vaadin:flow-build-tools MAVEN version =25.0.0-rc1, =25.0.0, =25.0.0, =4.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.14 - com.vaadin:gradle-plugin =25.0.13 and more Source cves: CVE-2026-2741 Source advisory: SNYK:JAVA-COMVAADIN-15518324...