🚨 CRITICAL: CVE-2026-47429 - Vitest UI Server Arbitrary File Read/Execute Vulnerability
Severity: CRITICAL
GHSA: GHSA-5xrq-8626-4rwp
CVE: CVE-2026-47429
Affected Package: vitest
Impact: Remote Code Execution (RCE)
Description
A critical vulnerability in the Vitest UI server allows arbitrary file read and execution while the UI server is listening. An attacker who can reach the listening UI server could execute malicious code on systems running vulnerable versions of agentstack with Vitest UI enabled.
Impact Details
- Arbitrary File Read: attackers can read files they should not have access to
- Arbitrary Code Execution: files can be executed, leading to full system compromise
- Affected Files: 30 files in the repository
Remediation Steps
- Update the vitest package to the patched version specified in GHSA-5xrq-8626-4rwp
- Disable the Vitest UI server if it is not required in production environments
- Audit all instances where Vitest UI might be enabled
- Review the dependency tree for transitive dependencies that pull in vulnerable vitest versions
References
Priority
IMMEDIATE ACTION REQUIRED - This vulnerability allows remote code execution and affects a significant number of files in the codebase.
Automated security scan detected this critical vulnerability. Please prioritize remediation.