devspace-sh CVE Debriefs

HIGH devspace-sh CVE published 2026-05-14

CVE-2026-42283

CVE-2026-42283 affects DevSpace UI server WebSocket handling before 6.3.21. The server accepted connections from all origins by default, so a malicious website could use a developers browser to open a cross-origin WebSocket to ws://127.0.0.1:8090 and interact with exposed local endpoints.

devspace-sh CVE debriefs

CVE-2026-42283