CVE-2026-49144

Name of the Vulnerable Software and Affected Versions BrowserStack Runner versions 0.1.0 through 0.9.5 Notepad++ versions prior to 8.8.2

Description BrowserStack Runner contains a path traversal issue in the default HTTP handler within lib/server.js. This allows unauthenticated network-adjacent attackers to access the HTTP server bound on all interfaces to traverse outside the project root and read arbitrary sensitive files.

Notepad++ contains an issue where the installer allows unprivileged users to gain SYSTEM-level privileges due to insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable into the same directory, resulting in the automatic execution of the attack with SYSTEM privileges upon running the installer.

Recommendations For BrowserStack Runner versions 0.1.0 through 0.9.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability. Update Notepad++ to version 8.8.2.