A vulnerability classified as problematic was found in webpack-dev-server up to 5.2.5. The impacted element is an unknown function of the file /webpack-dev-server/open-editor of the component GET Request Handler. The manipulation results in cross-site request forgery.
This vulnerability is reported as CVE-2026-14620. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.