CNNVD-202602-214 Information

CNNVD ID

CNNVD-202602-214

Related CVE

CVE-2026-25155

• CNNVD Published: 2026-02-03

Description (Chinese)

Qwik是Qwik Dev开源的一款微型Web框架。 Qwik 1.12.0之前版本存在跨站请求伪造漏洞，该漏洞源于正则表达式存在拼写错误，导致对某些Content-Type标头的解析不正确。

Description (English)

Qwik is a microWeb framework from Qwik Dev Open Source. The previous version of Qwik 1.12.0 had a cross-site request for a false loophole, which stemmed from a spelling error in the regular expression, resulting in incorrect interpretation of some Contractor-Type headers.

Hazard Level

High

Vulnerability Type

跨站请求伪造

Affected Vendor

Qwik Dev

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/QwikDev/qwik/commit/d70d7099b90b998f1aac7cedc21c67d87bac4c75 https://github.com/QwikDev/qwik/security/advisories/GHSA-vm6g-8r4h-22x8

Patch

https://github.com/QwikDev/qwik/releases