CNNVD-202602-236 Information

CNNVD ID

CNNVD-202602-236

CVE-2026-25150

  • CNNVD Published: 2026-02-03

Description

Qwik is an open-source micro web framework from Qwik Dev. Versions of Qwik before 1.19.0 contain a security vulnerability caused by prototype pollution in the formToObj function, which could allow an unauthenticated attacker to pollute Object.prototype, leading to privilege escalation, authentication bypass, or denial of service.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Qwik Dev

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/QwikDev/qwik/commit/5f65bae2bc33e6ca0c21e4cfcf9eae05077716f7

https://github.com/QwikDev/qwik/security/advisories/GHSA-xqg6-98cw-gxhq

Patch

https://github.com/QwikDev/qwik/releases
