MEDIUM
Webpack.js
CVE published 2026-05-12
CVE-2026-6402
CVE-2026-6402 describes a cross-origin source code exposure issue in webpack-dev-server when it is served over a non-potentially trustworthy origin such as plain HTTP. A site visited by a developer can load the dev server’s bundled source as a script and read it across origins, potentially revealing application source code. The vendor fixed the issue in webpack-dev-server 5.2.4 by setting Cross-Origin-Res [truncated]