CVSS 7.5 HIGH
Vulnerability
CVE-2026-53571: vite: `server.fs.deny` bypass on Windows alternate paths
CVSS Score: 7.5
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability
📋 Vulnerability Details
| Field | Value |
| --- | --- |
| CVE ID | CVE-2026-53571 |
| Vendor | npm |
| Affected Product | vite |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.5 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
🔬 Technical Analysis
Summary
The contents of files that are specified by [server.fs.deny](https://vite.dev/config/server-options#server-fs-deny) can be returned to the browser on Windows.

Impact
Only apps that match the following conditions are affected:
• the app explicitly exposes the Vite dev server to the network (using --host or the [server.host config option](https://vitejs.dev/config/server-options.html#server-host))
• the sensitive file exists in the allowed directories specified by [server.fs.allow](https://vite.dev/config/server-options#server-fs-allow)
• either of:
  - the sensitive file exists in an NTFS volume
  - the dev server is running on Windows and the sensitive file exists in a volume on which 8.3 short name generation is enabled (it is enabled by default on system volumes)
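A triage helper for the impact conditions listed above, as an added example that is not part of the advisory or of Vite's code. The function names, the `facts` object and the sample paths are hypothetical; the Vite version is not checked because this page lists no affected or patched versions.

```javascript
const path = require('node:path');

// Hosts that keep the dev server on the loopback interface only.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '::1']);

// server.host is a string or boolean. Unset or false keeps Vite's default
// (localhost); true, which is what a bare --host sets, listens on all addresses.
function isNetworkExposed(host) {
  if (host === undefined || host === false) return false;
  if (host === true) return true;
  return !LOOPBACK.has(String(host).toLowerCase());
}

// True when `file` lies under `dir`, compared with Windows path rules
// (case-insensitive, backslash separators, drive letters).
function isInside(dir, file) {
  const rel = path.win32.relative(dir, file);
  if (rel === '' || path.win32.isAbsolute(rel)) return false; // same path or other drive
  return rel !== '..' && !rel.startsWith('..\\');
}

// Evaluates the three conditions from the Impact list against facts the
// operator collected: the resolved config values and the volume properties.
function matchesImpactConditions(facts) {
  const exposed = isNetworkExposed(facts.host);
  const allowed = facts.fsAllow.some((dir) => isInside(dir, facts.sensitiveFile));
  const altPaths = facts.onNtfs === true ||
    (facts.platform === 'win32' && facts.shortNames === true);
  return { exposed, allowed, altPaths, affected: exposed && allowed && altPaths };
}

// Constructed sample: a dev server started with --host on a Windows system volume.
const sample = {
  host: true,                              // server.host / --host
  fsAllow: ['C:\\Users\\dev\\app'],        // server.fs.allow
  sensitiveFile: 'C:\\Users\\dev\\app\\.env',
  platform: 'win32',                       // process.platform of the dev server
  onNtfs: true,                            // volume file system is NTFS
  shortNames: true,                        // 8.3 short name generation enabled
};

console.log(matchesImpactConditions(sample));
```

A result with `exposed: false` means the first condition is not met, so binding the dev server to localhost takes the app out of the affected set regardless of the volume properties.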
Details Vite’s d