CVE-2026-53632

Sažetak

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result in credential compromise through offline hash cracking. This vulnerability is fixed in 2.14.1.

Reference

https://github.com/vitejs/launch-editor/security/advisories/GHSA-v6wh-96g9-6wx3
https://github.com/vitejs/launch-editor/security/advisories/GHSA-v6wh-96g9-6wx3

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

23-06-2026 - 15:44

Objavljeno

22-06-2026 - 18:16