CNNVD-202602-213 Information

CNNVD ID

CNNVD-202602-213

Related CVE

CVE-2026-25149

• CNNVD Published: 2026-02-03

Description (Chinese)

Qwik是Qwik Dev开源的一款微型Web框架。 Qwik 1.19.0之前版本存在输入验证错误漏洞，该漏洞源于默认请求处理程序中间件存在开放重定向漏洞，可能导致远程攻击者将用户重定向到任意协议相对URL。

Description (English)

Qwik is a microWeb framework from Qwik Dev Open Source. Qwik 1.19.0 has an input-validation error loophole, which stems from the open re-direction gap in the middle of the default request processing process, which may result in a remote attacker redirecting the user to an arbitrary agreement relative to the URL.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

Qwik Dev

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/QwikDev/qwik/security/advisories/GHSA-92j7-wgmg-f32m https://github.com/QwikDev/qwik/commit/9959eab30a3ad9cc03689eaa080fcfbc33df71ed https://access.redhat.com/security/cve/cve-2026-25149

Patch

https://github.com/QwikDev/qwik/releases