Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-9595
Undergoing Analysis
More InfoOfficial Page
Source-ce714d77-add3-4f53-aff5-83d477b104bb
View Known Exploited Vulnerability (KEV) details
Published At-15 Jun, 2026 | 16:16
Updated At-15 Jun, 2026 | 21:09

Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin validation, and corrupts the HMR socket (both HMR and the proxy end up writing to the same socket). Patches: Fixed in webpack-dev-server@5.2.5. Workarounds: Scope user-defined proxy context to specific paths instead of /, or omit ws: true from the proxy entry when WebSocket forwarding is not required.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-346Secondaryce714d77-add3-4f53-aff5-83d477b104bb
CWE-441Secondaryce714d77-add3-4f53-aff5-83d477b104bb
CWE ID: CWE-346
Type: Secondary
Source: ce714d77-add3-4f53-aff5-83d477b104bb
CWE ID: CWE-441
Type: Secondary
Source: ce714d77-add3-4f53-aff5-83d477b104bb
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://cna.openjsf.org/security-advisories.htmlce714d77-add3-4f53-aff5-83d477b104bb
N/A
https://github.com/facebook/create-react-app/pull/7444ce714d77-add3-4f53-aff5-83d477b104bb
N/A
https://github.com/vuejs/vue-cli/commit/72ba7505aff2a8314e82aa5082379a77504a1fcbce714d77-add3-4f53-aff5-83d477b104bb
N/A
https://github.com/webpack/webpack-dev-server/pull/4316ce714d77-add3-4f53-aff5-83d477b104bb
N/A
https://github.com/webpack/webpack-dev-server/security/advisories/GHSA-mx8g-39q3-5c79ce714d77-add3-4f53-aff5-83d477b104bb
N/A
Hyperlink: https://cna.openjsf.org/security-advisories.html
Source: ce714d77-add3-4f53-aff5-83d477b104bb
Resource: N/A
Hyperlink: https://github.com/facebook/create-react-app/pull/7444
Source: ce714d77-add3-4f53-aff5-83d477b104bb
Resource: N/A
Hyperlink: https://github.com/vuejs/vue-cli/commit/72ba7505aff2a8314e82aa5082379a77504a1fcb
Source: ce714d77-add3-4f53-aff5-83d477b104bb
Resource: N/A
Hyperlink: https://github.com/webpack/webpack-dev-server/pull/4316
Source: ce714d77-add3-4f53-aff5-83d477b104bb
Resource: N/A
Hyperlink: https://github.com/webpack/webpack-dev-server/security/advisories/GHSA-mx8g-39q3-5c79
Source: ce714d77-add3-4f53-aff5-83d477b104bb
Resource: N/A
Change History
0Changes found

Details not found