CNNVD-202602-210 Information

CNNVD ID

CNNVD-202602-210

CVE-2026-25151

  • CNNVD Published: 2026-02-03

Description (Chinese)

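Qwik is a micro web framework open-sourced by Qwik Dev. Versions of Qwik before 1.19.0 contain a cross-site request forgery vulnerability. The vulnerability stems from the server-side request handler interpreting HTTP request headers inconsistently, which may allow a remote attacker to bypass form-submission CSRF protection using a specially crafted or multi-valued Content-Type header.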

Description (English)

Qwik is an open-source micro web framework from Qwik Dev. Prior to Qwik 1.19.0, there was a cross-site request forgery vulnerability, which resulted from inconsistent interpretation of HTTP request headers by the server-side request handler, and which could allow a remote attacker to use a specially crafted or multi-valued Content-Type header to bypass CSRF protection for form submissions.

Hazard Level

High

Vulnerability Type

Cross-site request forgery (CSRF)

Affected Vendor

Qwik Dev

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/QwikDev/qwik/commit/eebf610e04cc3a690f11e10191d09ff0fca1c7ed

https://github.com/QwikDev/qwik/security/advisories/GHSA-r666-8gjf-4v5f

Patch

https://github.com/QwikDev/qwik/releases
