CNNVD-202601-2569 Information

CNNVD ID

CNNVD-202601-2569

Related CVE

CVE-2026-22803

• CNNVD Published: 2026-01-15

Description (Chinese)

SvelteKit是Svelte开源的一套Web 开发框架。 SvelteKit 2.49.0版本至2.49.4版本存在安全漏洞，该漏洞源于实验性表单远程函数处理特制有效载荷不当，可能导致内存耗尽拒绝服务。

Description (English)

SvelteKit is a set of Web development frameworks for Svelte open source. There is a security loophole between SvelteKit 2.49.0 and 2.49.4, which arises from the inappropriate handling of special payloads by the experimental form remote function, which may lead to depletion of memory to reject services.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Svelte

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/sveltejs/kit/commit/8ed8155215b9a74012fecffb942ad9a793b274e5 https://github.com/sveltejs/kit/releases/tag/@sveltejs%2Fadapter-node@5.5.1 https://github.com/sveltejs/kit/security/advisories/GHSA-j2f3-wq62-6q46

Patch

https://github.com/sveltejs/kit/releases