CVE-2026-39363: Bypass Fs Check Via Hardcoded Env
greprules fetch cve-2026-39363-bypass-fs-check-via-hardcoded-env --engine opengrep
Description
Bypassing a filesystem access check using a hardcoded environment or role string (e.g., `consumer === 'server'`) can allow arbitrary file reads if the check evaluates user-controlled paths. Use explicit configuration flags to determine if checks should be bypassed rather than relying on broad environment labels.
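The pattern described above beside a corrected form, as an added example that is not code from the rule or from any affected project. `ALLOWED_ROOT`, `isInsideRoot`, the flag name `skipFsCheck` and the sample requests are hypothetical names and constructed values.

```javascript
const path = require('node:path').posix;

// Constructed root directory for illustration.
const ALLOWED_ROOT = '/srv/app/public';

// True only when `requested` resolves to a location inside `root`.
function isInsideRoot(root, requested) {
  const rel = path.relative(root, path.resolve(root, requested));
  return rel === '' || (rel !== '..' && !rel.startsWith('../'));
}

// Flagged pattern: a broad environment label switches the check off, so every
// caller in a 'server' environment skips validation, including handlers that
// pass user-controlled paths.
function isAllowedByLabel(env, requested) {
  if (env.consumer === 'server') return true;
  return isInsideRoot(ALLOWED_ROOT, requested);
}

// Corrected form: the check runs by default and is skipped only when a
// dedicated flag (hypothetical name `skipFsCheck`) is explicitly set to true.
function isAllowedByFlag(env, requested) {
  if (env.skipFsCheck === true) return true;
  return isInsideRoot(ALLOWED_ROOT, requested);
}

// Constructed sample input: one path inside the root, one that resolves outside it.
const serverEnv = { consumer: 'server' };
const requests = ['img/logo.png', '../../../etc/passwd'];

// Evaluate both variants for each sample path in the same environment.
function compare() {
  return requests.map((p) => ({
    path: p,
    byLabel: isAllowedByLabel(serverEnv, p),
    byFlag: isAllowedByFlag(serverEnv, p),
  }));
}

console.table(compare());
```

With the label-based bypass, the out-of-root path is accepted merely because the environment is labelled `server`; with the explicit flag it is rejected unless the operator opted out of the check.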
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided