PatchSiren

vitest-dev CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL vitest-dev CVE published 2026-07-14

CVE-2026-53633

CVE-2026-53633 is a critical vulnerability in Vitest Browser Mode, allowing remote code execution via the Chrome DevTools Protocol. Versions 3.0.0 to 3.2.5, 4.1.8, and 5.0.0-beta.4 are affected. The issue is fixed in versions 3.2.5, 4.1.8, and 5.0.0-beta. The vulnerability has a CVSS score of 9.8 and is classified as CRITICAL. The vulnerability exists in the Vitest Browser Mode's cdp() API, which exposes [truncated]