CVE-2026-6402: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

Overview

Severity
Medium (CVSS 5.3)
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploit Status
Not Exploited
Patch Tuesday
2026-May
Released
2026-05-27
Last Updated
2026-06-02
EPSS Score
0.22% (percentile: 12.0%)

Affected Products (1)

Open Source Software

  • azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0

Revision History

  • 2026-05-27: Information published.
  • 2026-05-27: Information published.
  • 2026-06-02: Information published.