HIGH
browserstack
CVE published 2026-06-15
CVE-2026-48723
CVE-2026-48723 is a HIGH-severity vulnerability in the browserstack-cypress-cli, a command-line interface for running Cypress tests on BrowserStack. The vulnerability, which has a CVSS score of 7.8, allows for OS command injection via the cypress_config_file configuration parameter. This is possible because the loadJsFile() function in readCypressConfigUtil.js constructs a shell command by interpolating t [truncated]