Path Traversal in Vitejs Vite
CVE-2026-53571
Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensiti…
Vulnerability class: Path Traversal (Directory Traversal)
Affected products
- Vitejs Vite — versions >= 8.0.0, < 8.0.16, >= 7.0.0, < 7.3.5, < 6.4.3
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)