Vulnerability in Sveltejs Kit

CVE-2026-27118

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental S…

EPSS: 0.000 (1.0th percentile) — read the EPSS interpretation.

Affected products

Sveltejs Kit — versions < 6.3.2

Weakness classification (CWE)

CWE-346 — Origin Validation Error

References

https://github.com/sveltejs/kit/security/advisories/GHSA-9pq4-5hcf-288c (x_refsource_CONFIRM)