53M Downloads At Risk: Critical 9.8 CVSS Vitest Remote Code Execution Vulnerabilities Disclosed
ID: 3eed4667-7422-5abe-80bd-43606c7da954
STIX ID: report--3eed4667-7422-5abe-80bd-43606c7da954
Feed Name: securityonline.info
Critical vulnerabilities in the Vitest framework (including CVE-2026-47428 and CVE-2026-47429) allow attackers to execute arbitrary code, steal authentication tokens, and access files across Windows projects via reflected script injection, path traversal, and an exposed Chrome DevTools Protocol bridge. Maintainers released patches (v4.1.6 / 5.0.0-beta.3) that add allowWrite/allowExec controls and limit dangerous automation when bound to public addresses. Users should update and restrict network exposure immediately.
