CVE-2026-47429
Vitest (a Vite-based testing framework) is affected by CVE-2026-47429 due to an incorrect isFileServingAllowed check in the Vitest UI/API server on Windows for the path /vitest_attachment . This allows a ?..\ path traversal to read files outside the project, and could enable arbitrary script exec...