Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-14631
PUBLISHED
More InfoOfficial Page
Assigner-openjs
Assigner Org ID-ce714d77-add3-4f53-aff5-83d477b104bb
View Known Exploited Vulnerability (KEV) details
Published At-03 Jul, 2026 | 17:23
Updated At-03 Jul, 2026 | 17:23
Rejected At-
▼CVE Numbering Authority (CNA)
webpack-dev-server vulnerable to denial of service via a malformed Host or Origin header

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught exception in the host-validation path and crashes the dev server. Impact is limited to availability of the development server, no data disclosure, no code execution. Patches: upgrade to webpack-dev-server 5.2.6. Workarounds: keep the dev server bound to localhost (the default) and do not expose it to untrusted networks.

Affected Products
Vendor
webpack-dev-server
Product
webpack-dev-server
Default Status
unaffected
Versions
Affected
  • From 0 before 5.2.6 (semver)
Unaffected
  • 5.2.6 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20: Improper Input Validation
CWECWE-248CWE-248: Uncaught Exception
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-248
Description: CWE-248: Uncaught Exception
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
Str1ckl4nd
coordinator
bjohansebas
analyst
UlisesGascon
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/webpack/webpack-dev-server/security/advisories/GHSA-m28w-2pqf-7qgj
N/A
https://cna.openjsf.org/security-advisories.html
N/A
Hyperlink: https://github.com/webpack/webpack-dev-server/security/advisories/GHSA-m28w-2pqf-7qgj
Resource: N/A
Hyperlink: https://cna.openjsf.org/security-advisories.html
Resource: N/A
Details not found