Inlay

//

Post

🚨 Medium-severity security fix in [email protected] just released! Patches CVE-2026-9595. webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies. github.com/webpack/webp...

3d

### Impact When a user-configured proxy on `webpack-dev-server` has a broad context (e.g. `/`) and `ws: true`, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy ta...

github.com

webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

Ulises Gascón