Apr 6, 2026·6 min read·46 visits
Vite prior to versions 6.4.2, 7.3.2, and 8.0.5 lacks filesystem boundary enforcement on its WebSocket RPC interface. Unauthenticated attackers can bypass `server.fs.allow` restrictions to read sensitive local files by invoking `fetchModule` via the HMR WebSocket.
The Vite development server exposes a WebSocket Remote Procedure Call (RPC) interface for Hot Module Replacement (HMR). A missing filesystem authorization check in the `fetchModule` handler allows unauthenticated network attackers to read arbitrary files from the host system when the server is exposed via the `--host` parameter.
The Vite frontend tooling framework provides a development server designed to accelerate local software engineering workflows. This development server relies on a Hot Module Replacement (HMR) mechanism to push code updates to the browser without requiring a full page refresh. Communication between the development server and the browser relies on a bidirectional WebSocket channel.
The vulnerability, tracked as GHSA-P9FF-H696-F583, represents an authorization bypass within this WebSocket interface. The bug class corresponds to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-284 (Improper Access Control). The vulnerability manifests because the remote procedure call (RPC) mechanism fails to enforce the filesystem boundaries that restrict standard HTTP requests.
Exploitation of this flaw grants an unauthenticated attacker the ability to read arbitrary files from the machine hosting the Vite development server. This attack requires the server to be exposed to the local network or internet using the --host configuration flag. Systems running exposed development servers inside CI/CD pipelines or shared developer environments present the highest risk profile.
Vite restricts file system access to prevent external entities from reading arbitrary files outside the workspace directory. Standard HTTP requests destined for the development server pass through transformMiddleware. This middleware explicitly validates the requested file path against the server.fs.allow configuration directive.
The root cause of GHSA-P9FF-H696-F583 lies in an alternative execution path exposed by the HotChannel WebSocket connection. This channel implements a custom RPC mechanism intended for development tasks. The channel exposes a vite:invoke command, which allows connected clients to trigger the execution of server-side methods, specifically the fetchModule function.
The fetchModule execution path completely bypassed the transformMiddleware filesystem checks. Consequently, an attacker communicating directly over the WebSocket protocol faced no authorization boundaries. The underlying file system access functions executed the read operations using the privileges of the running Node.js process.
To extract the file content rather than execute it, attackers appended query parameters such as ?raw or ?inline to the requested file path. This parameter instructed the Vite transformation pipeline to skip module compilation and return the raw file content encapsulated within an exported JavaScript string.
The pre-patch architecture coupled filesystem access checks directly to the HTTP middleware pipeline. Methods exposed via the WebSocket interface assumed the client possessed authorization to request workspace files. This architectural flaw enabled the bypass.
The maintainers resolved the vulnerability in commit f02d9fde0b195afe3ea2944414186962fbbe41e0. The primary structural change involved relocating the isServerAccessDeniedForTransform logic. Instead of residing solely in the HTTP middleware, the check now exists inside the core transformRequest function.
// Inside transformRequest (Patch Snapshot)
if (!skipFsCheck && isServerAccessDeniedForTransform(url, server)) {
throw new Error(`Access denied to ${url}`);
}This modification ensures that any module transformation, regardless of the entry point (HTTP or WebSocket), must satisfy the filesystem boundary checks. The patch introduced a skipFsCheck boolean to accommodate trusted internal operations.
Additionally, the patch hardens the default client environment. The default DevEnvironment object now includes a disableFetchModule: true property. This secondary defense mechanism outright prevents the WebSocket interface from processing fetchModule requests initiated by untrusted clients.
Exploitation requires the target Vite development server to accept network connections. This condition is satisfied when developers start Vite with the --host 0.0.0.0 argument or configure server.host identically. The WebSocket server listens on the same port as the development web interface.
The attacker initiates the exploit chain by establishing a direct WebSocket connection to the target port. If direct network access is constrained by firewalls but the attacker controls a website visited by the developer, the attacker can leverage Cross-Site WebSocket Hijacking (CSWSH). CSWSH succeeds because the default WebSocket configuration often lacks strict Origin header validation.
Once the WebSocket connection initializes, the attacker constructs a JSON-formatted payload mimicking the vite:invoke custom event. The payload explicitly requests the fetchModule method and passes an absolute file:// URI appended with the ?raw query parameter.
{
"type": "custom",
"event": "vite:invoke",
"data": {
"name": "fetchModule",
"id": "exploit_id",
"data": ["file:///etc/passwd?raw"]
}
}The server receives the payload, bypasses the filesystem check, and returns a JSON response containing the file data. The raw file content arrives wrapped in standard JavaScript export syntax, requiring the attacker to parse the string to reconstruct the original system file.
The vulnerability results in a total loss of confidentiality for the underlying host filesystem. The attacker operates with the exact read privileges assigned to the user executing the Vite process. In modern development workflows, this typically equates to full access over the user's home directory and active workspace.
Attackers systematically target high-value assets stored locally by developers. Immediate targets include SSH keys located in ~/.ssh/, cloud provider credentials in ~/.aws/credentials, and hardcoded secrets within .env files. Access to these files facilitates subsequent lateral movement into production environments or source code repositories.
The CVSS v4.0 vector (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) generates a score of 8.2. The metric AT:P (Attack Requirements: Present) accurately reflects the prerequisite that the server must be explicitly exposed via the --host configuration. The High Confidentiality (VC:H) metric underscores the severity of the arbitrary file read capability.
The comprehensive remediation strategy requires upgrading the vite package to a securely patched version. Organizations utilizing Vite 6.x must upgrade to version 6.4.2. Projects relying on Vite 7.x must upgrade to version 7.3.2. Environments operating Vite 8.x require an upgrade to version 8.0.5.
If immediate software updates are impossible, administrators must eliminate network exposure. Remove the --host argument from package scripts and ensure server.host is undefined or explicitly bound to the loopback interface (127.0.0.1). This action restricts the attack surface strictly to the local machine.
Security teams should proactively audit the server.fs.allow configuration directive across all Vite projects. Ensure that server.fs.strict remains enabled (the default behavior) and that the allowed paths specify the narrowest possible directories required for the application to function. This defense-in-depth measure mitigates the impact of unknown filesystem bypasses.
The provided patch represents a complete fix for the specific flaw. By centralizing the filesystem authorization check inside the transformRequest function, the maintainers structurally eliminated the possibility of alternate entry points bypassing the security boundaries.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N| Product | Affected Versions | Fixed Version |
|---|---|---|
vite Vitejs | >= 6.0.0, < 6.4.2 | 6.4.2 |
vite Vitejs | >= 7.0.0, < 7.3.2 | 7.3.2 |
vite Vitejs | >= 8.0.0, < 8.0.5 | 8.0.5 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-200, CWE-284 |
| Attack Vector | Network (AV:N) |
| CVSS v4.0 Score | 8.2 (High) |
| Authentication | None Required (PR:N) |
| Impact | High Confidentiality Loss (Arbitrary File Read) |
| Exploit Status | Proof of Concept Available |
| KEV Status | Not Listed |
Exposure of Sensitive Information to an Unauthorized Actor via Improper Access Control and bypassing defined boundaries.
Adobe ColdFusion versions 2025.9 and 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434). An unauthenticated remote attacker can exploit this flaw to upload malicious ColdFusion Markup Language (CFML) files directly into web-accessible directories. Accessing the uploaded script triggers arbitrary code execution in the security context of the running service account.
CVE-2026-46599 (also identified by Go vulnerability alias GO-2026-5032) is a high-severity denial-of-service vulnerability in the Go image repository, specifically within the TIFF decoder's PackBits decompression engine. A lack of resource limits during the parsing of Run-Length Encoded PackBits streams allows an attacker to construct a crafted TIFF image that achieves significant decompression amplification. This flaw enables an unauthenticated remote attacker to exhaust system resources, leading to an Out-of-Memory crash or a prolonged application hang.
A property shadowing vulnerability exists in protobufjs where schema-derived names can collide with and overwrite runtime-critical internal helper properties. This issue leads to uncaught runtime exceptions and crash-based Denial of Service.
An integer truncation vulnerability (CWE-197) exists in SQLite before version 3.50.2 during the processing of aggregate queries with more than 32,767 distinct column references. This causes an internal 32-bit counter to truncate to a signed 16-bit integer, producing negative values that cause out-of-bounds heap operations in release builds.
An integer overflow vulnerability in the Windows kernel-mode HTTP driver (HTTP.sys) allows an unauthenticated remote attacker to execute arbitrary code with kernel privileges or cause a Denial of Service via a specially crafted sequence of HTTP request headers.
A memory corruption vulnerability exists in the FTS5 (Full-Text Search 5) extension of SQLite prior to version 3.53.2. An attacker can construct a malicious database file containing corrupt FTS5 page data. Querying this database triggers out-of-bounds reads and heap-based buffer overflows, potentially causing a crash or arbitrary code execution.