CVE-2026-2741
A flaw was found in Vaadin. During the automatic download and extraction of Node.js, a remote attacker could exploit a path traversal vulnerability. By intercepting or controlling the Node.js download, an attacker could serve a specially crafted ZIP archive. This malicious archive would allow fil...