CVE-2026-49144 | browserstack browserstack-runner up to 0.9.5 HTTP lib/server.js path traversal (GHSA-8rpw-6cqh-2v9h)

A vulnerability, which was classified as critical, has been found in browserstack browserstack-runner up to 0.9.5. The affected element is an unknown function in the library lib/server.js of the component HTTP Handler. The manipulation leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is listed as CVE-2026-49144. The attack must be carried out from within the local network. There is no available exploit.VulDB Recent EntriesRead More