CVE-2026-14802 | react create-react-app up to 5.0.1 on macOS react-dev-utils openBrowser.js startBrowserProcess os command injection (Issue 17269)
A vulnerability was found in react create-react-app up to 5.0.1 on macOS. It has been classified as critical. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection.
This vulnerability is known as CVE-2026-14802. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More