
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Friday, April 3rd, 2026: Vite Exploits; OpenSSH 10.3; Claude Code Vuln
Apr 3, 2026
Scans targeting a Vite file-access flaw and how attackers bypass controls to read files. New OpenSSH 10.3 release highlights and a rare operator code execution caveat. A source map leak from Claude Code led researchers to find a whitelist bypass that can allow dangerous commands after a threshold.
AI Snips
Patch And Lock Down Vite Instances
- Ensure Vite instances are not publicly exposed, and update to the latest patched version.
- Check for misconfigurations: Vite commonly listens on port 5173, but scans were targeting standard HTTP ports, indicating exposed or misrouted installs.
Vite File Access Bypass
- The Vite developer tool exposes local files via simple HTTP FS paths by default.
- A URL suffix ending with ??raw bypasses access controls and yields arbitrary filesystem access, observed in honeypot scans.
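
A log check for the probe described above, as an added example that is not from the podcast or the Vite project: it flags requests whose target ends in `??raw` (also when percent-encoded) and records whether the server answered with a 2xx status. The combined log format, the sample lines and the `/@fs/` path prefix used in them are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not real traffic).
# The /@fs/ prefix and file names are illustrative assumptions.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Apr/2026:10:00:01 +0000] "GET /@fs/tmp/example.txt??raw HTTP/1.1" 200 512 "-" "scanner"
203.0.113.7 - - [03/Apr/2026:10:00:02 +0000] "GET /@fs/tmp/example.txt%3F%3Fraw HTTP/1.1" 403 0 "-" "scanner"
198.51.100.9 - - [03/Apr/2026:10:00:05 +0000] "GET /index.html?raw HTTP/1.1" 200 1024 "-" "browser"
198.51.100.9 - - [03/Apr/2026:10:00:06 +0000] "GET /assets/logo.svg HTTP/1.1" 200 2048 "-" "browser"
"""

# client, method, request target and status from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SUFFIX = "??raw"  # suffix named in the episode notes


def decode_fully(target, max_rounds=3):
    """Undo up to max_rounds of percent-encoding so encoded probes still match."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_vite_probes(log_text):
    """Return one record per request whose decoded target ends with SUFFIX."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, method, target, status = m.groups()
        if decode_fully(target).endswith(SUFFIX):
            hits.append({
                "client": client,
                "target": target,
                "status": int(status),
                # a 2xx answer means content was returned: triage these first
                "served": status.startswith("2"),
            })
    return hits


if __name__ == "__main__":
    for hit in find_vite_probes(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set to true are the ones to investigate first, since the server returned content for the request.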
Update OpenSSH Sensibly
- Apply OpenSSH updates when your OS/distribution provides them, but prioritize based on your configuration exposure.
- Don't panic-patch immediately unless you use the rare percent-token username expansion configuration described.
