CVE-2026-49143 | browserstack browserstack-runner up to 0.9.5 HTTP /_log vm.runInNewContext code injection (GHSA-6vr3-7wcx-v5g5)

SecurityVulns
Yanac

A vulnerability identified as critical has been detected in browserstack browserstack-runner up to 0.9.5. Affected by this vulnerability is the function vm.runInNewContext of the file /_log of the component HTTP Handler. The manipulation leads to code injection. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is uniquely identified as CVE-2026-49143. The attack can only be initiated within the local network. No exploit exists.VulDB Recent EntriesRead More