Home

Description

npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them.

PUBLISHED Reserved 2025-08-17 | Published 2025-09-17 | Updated 2025-09-17 | Assigner mitre

References

gist.github.com/R4356th/41f468def606b2406e36f7193f5322b8

github.com/parcel-bundler/parcel/discussions/10089

github.com/parcel-bundler/parcel/issues/10216

cve.org (CVE-2025-56648)

nvd.nist.gov (CVE-2025-56648)

Download JSON