Vulnerability in Vitejs Launch-editor
CVE-2026-53632
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attemp…
Affected products
- Vitejs Launch-editor — versions < 2.14.1
- Vitejs Vite — versions >= 8.0.0, < 8.0.16, >= 7.0.0, < 7.3.5, < 6.4.3
- Vitejs Vite-plus — versions < 0.1.24
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)