TechBriefing

Java · React Daily Briefing

2026.05.08 (Fri)

69 releases · 41 CVEs · 44 articles

🎯 Today's Headlines

Runtime tier S CVE · 05-04 · score 10.0
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.
CVSS 9.8 · CRITICAL
Meta-Framework tier S CVE · 05-07 · score 9.84
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve() HTTP handler. T…
CVSS 8.6 · HIGH
React Core tier S CVE · 05-06 · score 9.68
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints. This could lead to server crashes, out-of-memory exceptions or excessive CPU usage. Affected packages: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopa…
CVSS 7.5 · HIGH
Backend/Java tier S CVE · 04-28 · score 9.5
In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spri…
CVSS 9.1 · CRITICAL
Language/Eco tier S CVE · 05-08 · score 8.94
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper handling of URLs durin…

🚀 Releases & Security · 21 items

New Releases · 8
React Core · 05-06 · score 7.67
## React Server Components - Type hardening and performance improvements ([#36425](https://github.com/facebook/react/pull/36425) by @eps1lon and @unstubbable)
React Core · 05-06 · score 7.67
## React Server Components - Type hardening and performance improvements ([#36425](https://github.com/facebook/react/pull/36425) by @eps1lon and @unstubbable)
React Core · 05-06 · score 7.67
## React Server Components - Type hardening and performance improvements ([#36425](https://github.com/facebook/react/pull/36425) by @eps1lon and @unstubbable)
React State · 05-08 · score 7.45
Release 2026-05-08 14:26 ## Changes ### Features - lit query adapter (408289450) by @chughgaurav ### Chore - vue-query-devtools: set up vitest environment with production fallback test (#10629) (c8e1b…
React State · 05-08 · score 7.45
### Minor Changes - Add initial @tanstack/lit-query package ([#10652](https://github.com/TanStack/query/pull/10652))
Meta-Framework · 05-07 · score 7.34
This release contains security fixes for the following advisories: High: - [GHSA-8h8q-6873-q5fj: Denial of Service with Server Components](https://github.com/vercel/next.js/security/advisories/GHSA-8h…
Meta-Framework · 05-07 · score 7.34
This release contains security fixes for the following advisories: High: - [GHSA-8h8q-6873-q5fj: Denial of Service with Server Components](https://github.com/vercel/next.js/security/advisories/GHSA-8h…
Tooling · 05-07 · score 7.25
Please refer to [CHANGELOG.md](https://github.com/vitejs/vite/blob/v8.0.11/packages/vite/CHANGELOG.md) for details.
Breaking Changes · 5
Runtime · 05-07
### Notable Changes #### Experimental `node:ffi` module Node.js now includes an experimental `node:ffi` module for loading dynamic libraries and calling native symbols from JavaScript. The API is gate…
Runtime · 05-05
We're excited to announce the release of Node.js 26! Highlights include the Temporal API enabled by default, updates to the V8 JavaScript engine to 14.6, Undici to 8.0, and several important deprecati…
Tooling · 05-07
The Gradle team is excited to announce Gradle 8.14.5. Here are the highlights of this release: - Java 24 support - GraalVM Native Image toolchain selection - Enhancements to test reporting - Build Aut…
Backend/Java · 05-07
# Hibernate ORM 7.4.0.CR1 released Today, we published a new release of Hibernate ORM 7.4: 7.4.0.CR1. You can find the full list of 7.4.0.CR1 changes [here](https://hibernate.atlassian.net/issues/?jql…
React Core · 04-17
**Note:** 7.1.0 accidentally removed the `component-hook-factories` rule, causing errors for users who referenced it in their ESLint config. This is now fixed. - Add deprecated no-op `component-hook-f…
CVE · 6
CVE-2026-26956 · CVSS 9.8 · CRITICAL
Matched keyword: node.js · 05-04
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host coopera…
CVE-2026-26332 · CVSS 9.8 · CRITICAL
Matched keyword: node.js · 05-04
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0.
CVE-2026-24781 · CVSS 9.8 · CRITICAL
Matched keyword: node.js · 05-04
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arb…
CVE-2026-24120 · CVSS 9.8 · CRITICAL
Matched keyword: node.js · 05-04
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands …
CVE-2026-24118 · CVSS 9.8 · CRITICAL
Matched keyword: node.js · 05-04
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host s…
CVE-2026-42353 · CVSS 8.2 · HIGH
Matched keyword: node.js · 05-08
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler …
Deprecations · 2
Runtime · 05-05
React Core · 04-17

📈 Keyword Trends (ranked by rising weight)

https · co-occurring: com, github, pull · w 385.7
com · co-occurring: https, github, pull · w 351.9
github · co-occurring: https, com, pull · w 321.0
this · co-occurring: react, https, vulnerability · w 298.7
react · co-occurring: this, file, vulnerability · w 200.7
node · co-occurring: prior, this, open · w 196.9
Data sources: GitHub Releases · NVD CVE · official blog RSS (Spring · React · Kotlin · TypeScript · Next.js · Vite).
Importance score = tier + source weight + CVSS boost − age penalty (0 to 10).
Generated at: 2026-05-08 21:30