Resource exhaustion in Sveltejs Kit
CVE-2026-40073
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node…
EPSS: 0.001 (25.6th percentile)
Affected products
- Sveltejs Kit — versions < 2.57.1
Weakness classification (CWE)
References
- https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp (x_refsource_CONFIRM)
- https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95 (x_refsource_MISC)
- https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1 (x_refsource_MISC)