CVE-2026-42283: DevSpace UI Server WebSocket CheckOrigin does not validate source
CVSS Score: 7.7 (HIGH)
CISA KEV: No
Impact Type: Vulnerability
📋 Vulnerability Details
| Field | Value |
|---|---|
| CVE ID | CVE-2026-42283 |
| Vendor | go |
| Affected Product | github.com/loft-sh/devspace |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.7 (HIGH) |
| Actively Exploited | No known exploitation |
| Patch Status | See vendor advisory |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
🔬 Technical Analysis
Description
DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use their browser to establish a cross-origin WebSocket connection to ws://127.0.0.1:8090. This allows an attacker to access:
• /api/logs to stream real-time pod logs
• /api/enter to open an interactive shell inside the running pod
• /api/command to execute pre-defined pipeline commands
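As an added example (not DevSpace's own code), the permissive origin check that produces this class of bug is shown next to a hardened check that validates the browser's Origin header against an allowlist. The allowlist, the endpoint path and the sample origins are constructed for illustration; the function signature is the one gorilla/websocket's `Upgrader.CheckOrigin` field takes, so either function can be assigned to it.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Permissive check: accepts every Origin. This is the "before" state the
// advisory describes; any site open in the developer's browser can reach the
// WebSocket endpoints on 127.0.0.1:8090.
func checkOriginPermissive(r *http.Request) bool {
	return true
}

// Constructed allowlist: only the UI's own origins may upgrade to a WebSocket.
var allowedOrigins = map[string]bool{
	"http://localhost:8090": true,
	"http://127.0.0.1:8090": true,
}

// checkOriginStrict has the signature gorilla/websocket expects for
// Upgrader.CheckOrigin. It rejects missing, malformed and foreign origins,
// comparing scheme and host exactly so "localhost:8090.other.example" fails.
func checkOriginStrict(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return false // browsers always send Origin on a WebSocket upgrade
	}
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return false // covers "null" and other non-URL values
	}
	key := strings.ToLower(u.Scheme) + "://" + strings.ToLower(u.Host)
	return allowedOrigins[key]
}

func main() {
	// Wiring would be: websocket.Upgrader{CheckOrigin: checkOriginStrict}
	for _, origin := range []string{"http://localhost:8090", "https://other.example", ""} {
		r, _ := http.NewRequest(http.MethodGet, "http://127.0.0.1:8090/api/logs", nil)
		r.Header.Set("Origin", origin)
		fmt.Printf("%-26q permissive=%v strict=%v\n", origin,
			checkOriginPermissive(r), checkOriginStrict(r))
	}
}
```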
Patches
Versions 6.3.21 and above are patched.
Resources
[gorilla/websocket CheckOrigin documentation](https://pkg.go.dev/github.com/gorilla/websocket#hdr-Origin_Considerations)