Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

CVE-2026-39365 is a CISA KEV-confirmed path traversal in Vite’s development server (CVSS 7.5, High) that allows unauthenticated reads of arbitrary source map files outside the project root, including .env files, private keys, and configuration files accessible by the Vite process. Affected versions span three active release branches: 6.0.0 through 6.4.1, 7.x through 7.3.1, and 8.x through 8.0.4. CISA KEV confirmation signals active exploitation; any Vite dev server reachable by untrusted parties is an immediate source disclosure and credential exposure risk.

Author

Tech Jacks Solutions