CRITICAL
vitest-dev
CVE published 2026-07-14
CVE-2026-53633
CVE-2026-53633 is a critical vulnerability in Vitest Browser Mode, allowing remote code execution via the Chrome DevTools Protocol. Versions 3.0.0 to 3.2.5, 4.1.8, and 5.0.0-beta.4 are affected. The issue is fixed in versions 3.2.5, 4.1.8, and 5.0.0-beta. The vulnerability has a CVSS score of 9.8 and is classified as CRITICAL. The vulnerability exists in the Vitest Browser Mode's cdp() API, which exposes [truncated]