Input validation error in webpack-dev-server - CVE-2026-14631
Published: July 7, 2026
webpack-dev-server
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the host-validation path when handling HTTP requests or WebSocket upgrade requests with malformed Host or Origin headers. A remote attacker can send a specially crafted request to cause a denial of service.
The issue can be triggered through a normal HTTP request or through a WebSocket upgrade to the default /ws endpoint.