Vulnerability in Sveltejs Kit

CVE-2026-22803

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A…

EPSS: 0.000 (6.6th percentile) — read the EPSS interpretation.

Affected products

Sveltejs Kit — versions >= 2.49.0, < 2.49.5

Weakness classification (CWE)

CWE-789

References

https://github.com/sveltejs/kit/security/advisories/GHSA-j2f3-wq62-6q46 (x_refsource_CONFIRM)
https://github.com/sveltejs/kit/commit/8ed8155215b9a74012fecffb942ad9a793b274e5 (x_refsource_MISC)
https://github.com/sveltejs/kit/releases/tag/@sveltejs%2Fadapter-node@5.5.1 (x_refsource_MISC)