A vulnerability, which was classified as critical , has been found in browserstack browserstack-runner up to 0.9.5 . The affected element is an unknown function in the library lib/server.js of the component HTTP Handler . The manipulation leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is listed as CVE-2026-49144 . The attack must be carried out from within the local network. There is no available exploit.